Russian APT Reportedly Behind New TeamViewer Hack

June 28, 2024 at 05:48AM

TeamViewer detected a network compromise by a Russian APT group. The company’s internal IT environment was affected, but there’s no evidence of impact on the product environment or customer data. NCC Group and Health-ISAC reported the APT group’s involvement, recommending a review of remote desktop traffic. TeamViewer promises transparency during the ongoing investigation.

It has been reported that TeamViewer, a remote connectivity software provider, has detected a network compromise. Some reports have indicated that a Russian APT (Advanced Persistent Threat) may be behind the attack.

TeamViewer has stated that they detected an irregularity in their internal corporate IT environment on June 26, but they have emphasized that their product environment and customer data have not been affected. Investigations are ongoing, and their primary focus is to ensure the integrity of their systems.

Additionally, a user named Jeffrey reported that NCC Group’s threat intelligence team has informed customers about a significant compromise of the TeamViewer platform by an APT group, and the Health Information Sharing and Analysis Center (Health-ISAC) issued an alert attributing the attack to the Russia-linked APT29, also known as Cozy Bear and Midnight Blizzard.

Health-ISAC has recommended reviewing logs for any unusual remote desktop traffic, as threat actors have been observed leveraging remote access tools. APT29 is a Russian state-sponsored threat group known for high-impact attacks targeting important organizations.

Notably, TeamViewer has a history of being abused by malicious actors, including a confirmed hack in 2016, which the company did not disclose at the time after finding no evidence of impact on customers. It was believed that a threat actor operating out of China was behind the 2016 attack.

TeamViewer has promised to be transparent and provide updates as their investigation into the new breach progresses. These developments raise concerns about the security of remote access software and the potential risks of APT groups exploiting such platforms.
