Remote access giant TeamViewer says Russian spies hacked its corporate network

TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network.

In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard).

The Germany-based company said its investigation so far points to an initial intrusion on June 26 “tied to credentials of an ordinary worker account inside our company IT setting.”

TeamViewer said that the cyberattack “was contained” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has “no proof that the menace actor gained entry to our product setting or buyer knowledge.”

Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical means, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.

TeamViewer is one of the more popular providers of remote access tools, allowing its corporate customers — including shipping giant DHL and beverage maker Coca-Cola, per its website — to access other devices and computers over the internet. The company says it has more than 600,000 paying customers and facilitates remote access to more than 2.5 billion devices around the world.

TeamViewer is also known to be abused by malicious hackers for its ability to be used to remotely plant malware on a victim’s device.

It’s not known how the TeamViewer employee’s credentials were compromised, and TeamViewer did not say.

The U.S. government and security researchers have long attributed APT29 to hackers working for Russia’s foreign intelligence service, the SVR. APT29 is one of the more persistent, well-resourced government-backed hacking groups, and is known for its use of simple but effective hacking techniques — including stealing passwords — to conduct long-running stealthy espionage campaigns that rely on stealing sensitive data.

TeamViewer is the latest tech company targeted by Russia’s SVR of late. The same group of government hackers compromised Microsoft’s corporate network earlier this year to steal emails from top executives to learn what was known about the intruding hackers themselves. Microsoft said other tech companies were compromised during the ongoing Russian espionage campaign, and U.S. cybersecurity agency CISA confirmed federal government emails hosted on Microsoft’s cloud were also stolen.

Months later, Microsoft said it was struggling to eject the hackers from its systems, calling the campaign a “sustained, vital dedication” of the Russian government’s “sources, coordination, and focus.”

The U.S. government also blamed Russia’s APT29 for the 2019-2020 espionage campaign targeting U.S. software firm SolarWinds. The cyberattack saw the mass-hacking of U.S. federal government agencies by way of planting a hidden malicious backdoor in SolarWinds’ flagship software. When the tainted software update was pushed out to SolarWinds’ customers, the Russian hackers had access to every network running the compromised software, including the Treasury, Justice Department, and the Department of State.


Do you know more about the TeamViewer cyberattack? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
