TeamViewer, a popular remote access software provider, has acknowledged a hack on its corporate IT infrastructure. According to Lawrence Abrams’ post on BleepingComputer, the breach happened on June 26, 2024, and is believed to have been carried out by an Advanced Persistent Threat (APT) hacker organization.
TeamViewer said that their internal corporate IT systems had been infiltrated, causing them to implement rapid security measures and conduct investigations with worldwide cybersecurity specialists. They underlined that the incident did not affect their product environment, which is utilized by over 640,000 users globally, or consumer data. They also promised to maintain transparency in informing the public on the incident’s progress.
Despite their dedication to transparency, concerns were raised when it was revealed that TeamViewer’s IT security update website was marked with a tag that prevented search engines from indexing it, making information retrieval difficult for the general public.
TeamViewer’s software enables users to remotely operate computers as if they were physically there, making it essential for both personal and business users. The intrusion, albeit limited to TeamViewer’s business network, raises serious concerns owing to the software’s widespread use, which might provide hackers access to internal networks.
This is not TeamViewer’s first security problem. In 2019, they acknowledged a 2016 compromise caused by Chinese threat actors that used the Winnti backdoor. At the time, TeamViewer decided not to reveal the intrusion because no data theft was identified.
The current incident was first reported by IT security specialists on sites such as Mastodon and the Dutch Digital Trust Centre. NCC outfit’s Global Threat Intelligence team and Health-ISAC, a healthcare cybersecurity community, both reported the presence of APT29, a Russian hacking outfit also known as Cozy Bear.
APT29, a cyberespionage group affiliated with Russia’s SVR intelligence service, has been connected to a number of high-profile hacks, including intrusions of Western diplomats and Microsoft’s corporate email system.
While NCC Group’s report focused on the vulnerability, Health-ISAC’s alert cautioned about ongoing exploitation efforts against TeamViewer connections. This difference shows that several parts of the breach are being investigated.
Both TeamViewer and NCC Group declined to disclose any new information beyond their early disclosures and alerts, emphasizing the continuing nature of the inquiry.
In conclusion, TeamViewer’s latest hack by an accused APT organization has raised worries about cybersecurity flaws in commonly used remote access software. As investigations continue, stakeholders remain concerned about the possible impact on business and personal data security.
Original source: Lawrence Adams of Bleeping Computer on June 27, 2024. You can check out the full article here.
Hi, I'm Voss Xolani, and I'm passionate about all things AI. With many years of experience in the tech industry, I specialize in explaining the functionality and benefits of AI-powered software for both businesses and individual users. My content explores the latest AI tools, offering practical insights on how they can streamline workflows, boost productivity, and drive innovation. I also review new software solutions to help readers understand their features and applications. Beyond that, I stay up-to-date with AI trends and experiment with emerging technologies to provide the most relevant information.