TeamViewer, the company that makes widely used remote access tools for businesses, has confirmed an ongoing cyberattack on its corporate network.
In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard).
The Germany-based company said its investigation so far points to an initial intrusion on June 26 “tied to credentials of a regular worker account inside our company IT setting.”
TeamViewer said that the cyberattack “was contained” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has “no proof that the menace actor gained entry to our product setting or buyer knowledge.”
Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.
TeamViewer is one of the more popular providers of remote access tools, allowing its corporate customers (including shipping giant DHL and beverage maker Coca-Cola, per its website) to access other devices and computers over the internet. The company says it has more than 600,000 paying customers and facilitates remote access to more than 2.5 billion devices around the world.
TeamViewer is also known to be abused by malicious hackers because it can be used to remotely plant malware on a victim’s device.
It’s not known how the TeamViewer employee’s credentials were compromised, and TeamViewer did not say.
The U.S. government and security researchers have long attributed APT29 to hackers working for Russia’s foreign intelligence service, the SVR. APT29 is one of the more persistent, well-resourced government-backed hacking groups, and is known for its use of simple but effective hacking techniques, including stealing passwords, to conduct long-running stealthy espionage campaigns that rely on stealing sensitive data.
TeamViewer is the latest tech company targeted by Russia’s SVR of late. The same group of government hackers compromised Microsoft’s corporate network earlier this year to steal emails from top executives to learn what was known about the intruding hackers themselves. Microsoft said other tech companies were compromised during the ongoing Russian espionage campaign, and U.S. cybersecurity agency CISA confirmed federal government emails hosted on Microsoft’s cloud were also stolen.
Months later, Microsoft said it was struggling to eject the hackers from its systems, calling the campaign a “sustained, vital dedication” of the Russian government’s “sources, coordination, and focus.”
The U.S. government also blamed Russia’s APT29 for the 2019-2020 espionage campaign targeting U.S. software firm SolarWinds. The cyberattack saw the mass-hacking of U.S. federal government agencies by way of planting a hidden malicious backdoor in SolarWinds’ flagship software. When the tainted software update was pushed out to SolarWinds’ customers, the Russian hackers had access to every network running the compromised software, including the Treasury, Justice Department, and the Department of State.