June 28, 2024 at 10:48AM
TeamViewer, maker of widely used RMM software, has reported a breach of its corporate network believed to be orchestrated by the Russian state-sponsored hacking group Midnight Blizzard. The company believes the breach was carried out using an employee’s credentials. TeamViewer assures customers that its production environment and customer data were not accessed, and recommends measures like multi-factor authentication for customer security.
TeamViewer suffered a breach on June 26 by the Russian state-sponsored hacking group Midnight Blizzard. The company has attributed the attack to APT29 / Midnight Blizzard and stated that it was the corporate network, not the production environment, that was breached. TeamViewer has confirmed that there is no evidence of the production environment or customer data being accessed during the attack and emphasized the segregation of its internal systems.
While TeamViewer has provided reassurance, its customers are advised to take precautionary measures such as enabling multi-factor authentication, setting up allow and block lists, and monitoring network connections and logs. More information may surface as the investigation progresses, especially given the sophistication of the threat actor involved.
BleepingComputer has reached out to TeamViewer for further details about the investigation and the compromise of employee credentials, but has not yet received a response.