Remote Access Firm TeamViewer Hit By Russian Intelligence Cyberattack

The intrusion was restricted to internal systems, the company said.

TeamViewer, the German software company behind the widely used remote access and management tool of the same name, disclosed on Thursday that it detected suspicious activity within its internal IT environment on June 26.

The company said it immediately activated its security protocols and launched an investigation with the help of cybersecurity experts.

TeamViewer emphasized that the intrusion was contained within its internal systems.

"TeamViewer's internal corporate IT environment is completely independent from the product environment. There is no evidence to suggest that the product environment or customer data is affected," the firm said.

In another statement, TeamViewer attributed the attack to the threat actor known as Midnight Blizzard/APT29.

The company found that the threat actor used a compromised employee account to copy the employee directory data, which included names, corporate contact information, and encrypted employee passwords for the internal corporate IT environment.

It said the risk associated with the encrypted passwords in the directory was mitigated in collaboration with leading experts from its incident response partner, Microsoft.

"We hardened authentication procedures for our employees to a maximum level and implemented further strong protection layers. Additionally, we have started to rebuild the internal corporate IT environment towards a fully trusted state."

TeamViewer did not disclose how the hackers compromised an employee's credentials, but this method aligns with APT29's known tactics.

TeamViewer is a critical tool for many businesses, allowing them to remotely access and manage devices and computers.

With more than 600,000 paying customers facilitating remote access to over 2.5 billion devices globally, a successful attack on TeamViewer could have far-reaching consequences.

Security firm NCC Group, which initially reported the breach, recommended a cautious approach. It advised users to remove TeamViewer until further details are known about the type of compromise.

TeamViewer is not the first tech company targeted by APT29 in recent months.

The group gained global attention due to its involvement in the SolarWinds supply chain breach in December 2020.

Since then, it has persisted in employing sophisticated tools in targeted attacks, specifically aimed at foreign ministries and diplomatic entities.

APT29 is linked to Russia's intelligence services and is monitored under various names such as Midnight Blizzard, Nobelium, Cozy Bear, Iron Hemlock and The Dukes.

During the SolarWinds hack, the attackers compromised the company's Orion network monitoring software and inserted malicious code into legitimate software updates for the Orion software, which allowed them remote access into the victim's environment.

Microsoft, one of those victims, said later that the hackers were able to access some of its source code, although they could not make any changes to it.

In January, Microsoft disclosed that hackers compromised its corporate network in November 2023, resulting in the theft of emails from top executives. This week Microsoft informed some customers that their email was compromised, too.

Also in January, Hewlett Packard Enterprise (HPE) said its cloud-based email systems were infiltrated by Midnight Blizzard, affecting a "small percentage" of HPE mailboxes in various departments.

This article originally appeared on our sister site, Computing. 
