TeamViewer says its network was breached — but customer and company data is safe
"Irregularity" in TeamViewer network blamed on APT29 / Midnight Blizzard
TeamViewer has warned users it may have suffered a breach, but has reassured it does not appear any company or customer data has been affected.
A statement on the TeamViewer Trust Center site stated on June 26, the company detected an “irregularity” in the company’s internal corporate IT environment that it attributed to the notorious APT29 / Midnight Blizzard cybercrime gang.
"Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data," the company added.
Significant compromise
The remote access giant said it had activated its response team and procedures, brought in third-party cybersecurity experts to help with the problem, and “implemented necessary remediation measures.”
"Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place," it added.
"This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our ‘defense in-depth’ approach."
At the same time, other security firms are picking up on the attack and are sharing more details. As spotted by The Register, NCC Group Global is warning its customers of an advanced persistent threat (APT) pulling off a “significant compromise of the TeamViewer remote access and support platform”.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
At the same time, the US Health Information Sharing and Analysis Center (H-ISAC) is saying hackers are “actively exploiting” TeamViewer, Emsisoft’s researchers found. H-ISAC users should keep a close eye on their remote desktop protocol for unusual traffic, the organization apparently said.
For its part, TeamViewer noted, "security is of utmost importance for us, it is deeply rooted in our DNA. Therefore, we commit to transparent communication to stakeholders."
For the uninitiated, APT29 is also known as Cozy Bear, and is believed to be a Russian state-sponsored threat actor. It is best known for an attack on Microsoft which allowed it to steal emails from the accounts of officials working in several US federal agencies.
More from TechRadar Pro
- Russian hackers were able to steal US government emails after attacking Microsoft
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.