TeamViewer on Thursday disclosed that it detected an “irregularity” in its internal corporate IT environment on June 26, 2024.
“We instantly activated our response staff and procedures, began investigations along with a staff of worldwide renowned cyber security specialists and carried out essential remediation measures,” the company said in a press release.
It further noted that its corporate IT environment is completely cut off from the product environment and that there is no evidence to indicate that any customer data has been impacted as a result of the incident.
It did not disclose any details as to who may have been behind the intrusion and how they were able to pull it off, but said an investigation is underway and that it would provide status updates as and when new information becomes available.
TeamViewer, based in Germany, is the maker of remote monitoring and management (RMM) software that allows managed service providers (MSPs) and IT departments to manage servers, workstations, network devices, and endpoints. It is used by over 600,000 customers.
Interestingly, the U.S. Health Information Sharing and Analysis Center (Health-ISAC) has issued a bulletin about threat actors’ active exploitation of TeamViewer, according to the American Hospital Association (AHA).
“Threat actors have been noticed leveraging remote access tools,” the non-profit reportedly said. “TeamViewer has been noticed being exploited by threat actors related to APT29.”
It is currently unclear whether this means the attackers are abusing shortcomings in TeamViewer to breach customer networks, using poor security practices to infiltrate targets and deploy the software, or have carried out an attack on TeamViewer’s own systems.
APT29, also called BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, is a state-sponsored threat actor affiliated with the Russian Foreign Intelligence Service (SVR). Recently, it was linked to the breaches of Microsoft and Hewlett Packard Enterprise (HPE).
Microsoft has since revealed that some customer email inboxes were also accessed by APT29 following the hack that came to light earlier this year, per reports from Bloomberg and Reuters.
“This week we’re continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” the tech giant was quoted as saying to the news agency.