Hackers who booby-trapped widely used security software also used their malware to infiltrate machines at tech firms, suggests analysis.
Evidence that other companies had been compromised came to light as Cisco researchers probed how attackers got at the popular CCleaner programme.
Millions of people downloaded a Windows version that hackers had laced with malicious code.
Cisco said the attackers were seeking valuable intellectual property.
Last week CCleaner creator Piriform revealed that attackers had managed to place a hijacked copy of version 5.33 that works on Windows on some download servers. The booby-trapped code was available for about a month between August and September,
Millions of people downloaded the compromised version of CCleaner but damage was limited because whoever created it had not updated it to include elements that could scan machines and steal data.
However, Cisco said its analysis suggested that attackers had taken that extra step on machines at tech firms they had managed to infiltrate.
Hi-tech giants including Cisco, Intel, Google, Samsung and Microsoft were among the 20 or so companies believed to have been hit in this way.
"These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor," wrote the Cisco researchers.
Cisco said it was likely that a lot of other firms had been hit by whoever was behind the sophisticated and wide-ranging attack.
It recommended that anyone cleaning up after finding they had been compromised restore machines from backup as it was not clear what other code the attackers had installed on those computers. It said it was still analysing the code to find out exactly what it did.
Cisco said it was not yet clear who carried out the sophisticated attack on CCleaner and the other technology firms.