Compromise · severity: High · 2017-09-18

CCleaner supply-chain compromise attributed to APT41

published by Cisco Talos
Actor
APT41 · CN · China · APT

Chinese state-affiliated group notable for blending espionage with financially-motivated operations (game-industry currency theft, cryptocurrency). Implicated in multiple software supply-chain compro…

Summary

A trojanized CCleaner installer was distributed via Piriform's official update channel for approximately a month, reaching more than 2.27 million users. Second-stage targeting focused on technology companies; multiple researchers attribute the activity to the APT41/Barium intrusion set.

Tags

supply-chain, trojanized-installer

Primary source

blog.talosintelligence.com
