SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Russian APT Reportedly Behind New TeamViewer Hack

TeamViewer’s corporate network was hacked and some reports say the Russian group APT29 is behind the attack.
Teamviewer hacked

Remote connectivity software provider TeamViewer has detected a corporate network compromise and some reports say a Russian APT is behind the attack.

According to a statement posted on the TeamViewer website, the company’s security team detected “an irregularity” in the internal corporate IT environment on June 26. 

“TeamViewer’s internal corporate IT environment is completely independent from the product environment,” the company said. “There is no evidence to suggest that the product environment or customer data is affected. Investigations are ongoing and our primary focus remains to ensure the integrity of our systems.”

A Mastodon user named Jeffrey reported on Thursday that NCC Group’s threat intelligence team has been informing the cybersecurity firm’s customers about a “significant compromise of the TeamViewer remote access and support platform by an APT group.”

The same user said the US-based Health Information Sharing and Analysis Center (Health-ISAC) has issued an alert saying that the organization learned from a trusted intelligence partner that the notorious Russia-linked APT29 is behind the attack and “actively exploiting TeamViewer”. 

“Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools,” the organization is quoted as saying. 

APT29, which among many other names is also known as Cozy Bear and Midnight Blizzard, is a Russian state-sponsored threat group known for high-impact attacks targeting important organizations

In the past years, TeamViewer was often abused by malicious actors to spy on users, including on government officials.

Advertisement. Scroll to continue reading.

In 2019, the company confirmed that it was hacked in 2016, but argued that it decided not to disclose the incident at the time after finding no evidence of impact on customers. A threat actor likely operating out of China was believed to be behind the attack.   

As far as the new breach is concerned, TeamViewer has promised to be transparent and provide updates on the incident as its investigation progresses.

Related: US, Israel Provide Guidance on Securing Remote Access Software

Related: Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive

Related: AnyDesk Shares More Information on Recent Hack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Event: AI Risk Summit | Ritz-Carlton, Half Moon Bay, CA
April 17, 2024

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Former federal CISO Chris DeRusha has been appointed Director of Global Public Sector Compliance at Google Cloud.

Cybersecurity veteran Kevin Mandia has been named General Partner of Ballistic Ventures.

Mark Sutton, CISO at Bain Capital, has joined the Board of Directors at AI security firm Harmonic Security.

More People On The Move

Expert Insights