TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network.
In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard).
The Germany-based company said its investigation so far points to an initial intrusion on June 26 “tied to credentials of a normal worker account inside our company IT surroundings.”
TeamViewer said that the cyberattack “was contained” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has “no proof that the risk actor gained entry to our product surroundings or buyer knowledge.”
Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from information.killnetswitch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.
TeamViewer is one of the more popular providers of remote access tools, allowing its corporate customers — including shipping giant DHL and beverage maker Coca-Cola, per its website — to access other devices and computers over the internet. The company says it has more than 600,000 paying customers and facilitates remote access to more than 2.5 billion devices around the world.
TeamViewer is also known to be abused by malicious hackers for its ability to be used to remotely plant malware on a victim’s machine.
It’s not known how the TeamViewer employee’s credentials were compromised, and TeamViewer didn’t say.
The U.S. government and security researchers have long attributed APT29 to hackers working for Russia’s foreign intelligence service, the SVR. APT29 is one of the more persistent, well-resourced government-backed hacking groups, and is known for its use of simple but effective hacking techniques — including stealing passwords — to conduct long-running stealthy espionage campaigns that rely on stealing sensitive data.
TeamViewer is the latest tech company targeted by Russia’s SVR of late. The same group of government hackers compromised Microsoft’s corporate network earlier this year to steal emails from top executives to learn what was known about the intruding hackers themselves. Microsoft said other tech companies were compromised during the ongoing Russian espionage campaign, and U.S. cybersecurity agency CISA confirmed federal government emails hosted on Microsoft’s cloud were also stolen.
Months later, Microsoft said it was struggling to eject the hackers from its systems, calling the campaign a “sustained, important dedication” of the Russian government’s “assets, coordination, and focus.”
The U.S. government also blamed Russia’s APT29 for the 2019-2020 espionage campaign targeting U.S. software firm SolarWinds. The cyberattack saw the mass-hacking of U.S. federal government agencies by way of planting a hidden malicious backdoor in SolarWinds’ flagship software. When the tainted software update was pushed out to SolarWinds’ customers, the Russian hackers had access to every network running the compromised software, including the Treasury, Justice Department, and the Department of State.
Do you know more about the TeamViewer cyberattack? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.