Avast, a Czech cybersecurity software multinational, has admitted in a statement that it was the victim of a cybersecurity campaign called Abiss, in which its network was accessed.
Avast discovered that there were several intrusion attempts with different usernames and passwords to access its internal VPN. They explain that the internal VPN was accessed through a temporary VPN profile that was kept enabled by mistake and did not require two-step authentication when connecting.
The company points out that its product CCleaner may have been the main target of the cyberattack, so they verified previous versions of CCleaner and stopped those that were going to be published. Avast claims that, after the security updates sent, users are fully protected, and that they continue to investigate this cyberattack campaign.