Remote connectivity software provider TeamViewer has detected a corporate network compromise and some reports say a Russian APT is behind the attack.
According to a statement posted on the TeamViewer website, the company’s security team detected “an irregularity” in the internal corporate IT environment on June 26.
“TeamViewer’s internal corporate IT environment is completely independent from the product environment,” the company said. “There is no evidence to suggest that the product environment or customer data is affected. Investigations are ongoing and our primary focus remains to ensure the integrity of our systems.”
A Mastodon user named Jeffrey reported on Thursday that NCC Group’s threat intelligence team has been informing the cybersecurity firm’s customers about a “significant compromise of the TeamViewer remote access and support platform by an APT group.”
The same user said the US-based Health Information Sharing and Analysis Center (Health-ISAC) has issued an alert saying that the organization learned from a trusted intelligence partner that the notorious Russia-linked APT29 is behind the attack and “actively exploiting TeamViewer”.
“Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools,” the organization is quoted as saying.
APT29, which among many other names is also known as Cozy Bear and Midnight Blizzard, is a Russian state-sponsored threat group known for high-impact attacks targeting important organizations.
In the past years, TeamViewer was often abused by malicious actors to spy on users, including on government officials.
In 2019, the company confirmed that it was hacked in 2016, but argued that it decided not to disclose the incident at the time after finding no evidence of impact on customers. A threat actor likely operating out of China was believed to be behind the attack.
As far as the new breach is concerned, TeamViewer has promised to be transparent and provide updates on the incident as its investigation progresses.
Related: US, Israel Provide Guidance on Securing Remote Access Software
Related: Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive
