TeamViewer, the company that makes widely used remote access tools for businesses, has confirmed an ongoing cyberattack on its corporate network.
In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard).
The Germany-based company said its investigation so far points to an initial intrusion on June 26 “tied to credentials of an ordinary worker account inside our company IT setting.”
TeamViewer said that the cyberattack “was contained” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has “no proof that the risk actor gained entry to our product setting or buyer information.”
Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.
TeamViewer is one of the more popular providers of remote access tools, allowing its corporate customers — including shipping giant DHL and beverage maker Coca-Cola, per its website — to access other devices and computers over the internet. The company says it has more than 600,000 paying customers and facilitates remote access to more than 2.5 billion devices around the world.
TeamViewer is also known to be abused by malicious hackers, who can use it to remotely plant malware on a victim’s device.
It’s not known how the TeamViewer employee’s credentials were compromised, and TeamViewer did not say.
The U.S. government and security researchers have long attributed APT29 to hackers working for Russia’s foreign intelligence service, the SVR. APT29 is one of the more persistent, well-resourced government-backed hacking groups, and is known for its use of simple but effective hacking techniques — including stealing passwords — to conduct long-running stealthy espionage campaigns that rely on stealing sensitive data.
TeamViewer is the latest tech company targeted by Russia’s SVR of late. The same group of government hackers compromised Microsoft’s corporate network earlier this year to steal emails from top executives to learn what was known about the intruding hackers themselves. Microsoft said other tech companies were compromised during the ongoing Russian espionage campaign, and U.S. cybersecurity agency CISA confirmed federal government emails hosted on Microsoft’s cloud were also stolen.
Months later, Microsoft said it was struggling to eject the hackers from its systems, calling the campaign a “sustained, important dedication” of the Russian government’s “assets, coordination, and focus.”
The U.S. government also blamed Russia’s APT29 for the 2019-2020 espionage campaign targeting U.S. software firm SolarWinds. The cyberattack saw the mass-hacking of U.S. federal government agencies by way of planting a hidden malicious backdoor in SolarWinds’ flagship software. When the tainted software update was pushed out to SolarWinds’ customers, the Russian hackers had access to every network running the compromised software, including the Treasury, Justice Department, and the Department of State.
Do you know more about the TeamViewer cyberattack? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.