According to research by Cisco Systems released late on Wednesday, the cyber attackers, who hacked widely used computer utility software in August, also tried to infect machines at top technology companies, including Microsoft, Intel and Samsung.
The malware that infected popular utility software CCleaner may have been far more serious than previously though. The breach was disclosed on Monday by Piriform, which is now a part of Avast Software.
Piriform and its parent company Avast had said in blog posts earlier this week that there was no damage because of the breach, although more than 2 million people had installed the infected versions of CCleaner.
Avast also said that even though hackers were able to use the infected versions of the utility software for remote communication with websites controlled by them, alarm was unwarranted because it cooperated with researchers and law enforcement, and took control of the command sites early on.
But researchers at Cisco claimed that a control server that had been seized by US law enforcement showed that the hackers had installed additional malicious software on at least 20 machines.
It is not clear which companies housed the infected computers, but data retrieved by Cisco showed that the hackers had targeted networks at major technology companies, including Samsung, Sony and Cisco itself.
"It's like the bad guys cast a net and caught all the fish, but only wanted to infect machines that were most interesting," Reuters quoted Craig Williams, a researcher at Cisco's Talos unit, as saying.
The hackers could have been using the foothold provided by CCleaner installations to steal technology secrets from those companies, Williams said.
Even worse, the hackers could have been looking to get malicious code inside those companies' products, which are used by governments and businesses around the world.
The attack reused code that was previously seen in earlier hacks connected to Chinese authorities, according to security firm Kaspersky Lab, Cisco and others. But the code could have been stolen, so the CCleaner hacker might not be from China.
