TeamViewer on Thursday disclosed it detected an “irregularity” in its inside company IT surroundings on June 26, 2024.
“We instantly activated our response crew and procedures, began investigations along with a crew of worldwide famend cyber safety specialists and carried out needed remediation measures,” the corporate stated in an announcement.
It additional famous that its company IT surroundings is totally minimize off from the product surroundings and that there isn’t a proof to point that any buyer knowledge has been impacted because of the incident.
It didn’t disclose any particulars as to who could have been behind the intrusion and the way they have been in a position to pull it off, however stated an investigation is underway and that it will present standing updates as and when new info turns into out there.
TeamViewer, based mostly in Germany, is the maker of distant monitoring and administration (RMM) software program that enables managed service suppliers (MSPs) and IT departments to handle servers, workstations, community gadgets, and endpoints. It is utilized by over 600,000 prospects.
Apparently, the U.S. Well being Data Sharing and Evaluation Heart (Well being-ISAC) has issued a bulletin about risk actors’ lively exploitation of TeamViewer, in line with the American Hospital Affiliation (AHA).
“Menace actors have been noticed leveraging distant entry instruments,” the non-profit reportedly stated. “Teamviewer has been noticed being exploited by risk actors related to APT29.”
It is at present unclear at this stage whether or not this implies the attackers are abusing shortcomings in TeamViewer to breach buyer networks, utilizing poor safety practices to infiltrate targets and deploy the software program, or they’ve carried out an assault on TeamViewer’s personal techniques.
APT29, additionally known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, is a state-sponsored risk actor affiliated with the Russian International Intelligence Service (SVR). Just lately, it was linked to the breaches of Microsoft and Hewlett Packard Enterprise (HPE).
Microsoft has since revealed that some buyer electronic mail inboxes have been additionally accessed by APT29 following the hack that got here to mild earlier this 12 months, per experiences from Bloomberg and Reuters.
“This week we’re persevering with notifications to prospects who corresponded with Microsoft company electronic mail accounts that have been exfiltrated by the Midnight Blizzard risk actor,” the tech large was quoted as saying to the information company.
