TeamViewer’s corporate network was breached in alleged APT hack
The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said in a post to its Trust Center.
“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures.”
“TeamViewer’s internal corporate IT environment is completely independent from the product environment. There is no evidence to suggest that the product environment or customer data is affected. Investigations are ongoing and our primary focus remains to ensure the integrity of our systems.”
The company says that it plans to be transparent about the breach and will continuously update the status of its investigation as more information becomes available.
However, though they say they aim to be transparent, the “TeamViewer IT security update” page contains an HTML tag, which prevents the document from being indexed by search engines and thus makes it hard to find.
TeamViewer is a very popular remote access software that allows users to remotely control a computer and use it as if they were sitting in front of the device. The company says its product is currently used by over 640,000 customers worldwide and has been installed on over 2.5 billion devices since the company launched.
While TeamViewer states there is no evidence that its product environment or customer data has been breached, its massive use in both consumer and corporate environments makes any breach a significant concern as it would provide full access to internal networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese threat actors due to their use of the Winnti backdoor. The company said they did not disclose the breach at the time as data was not stolen in the attack.
Alleged APT group behind attack
News of the breach was first reported on Mastodon by IT security professional Jeffrey, who shared portions of an alert shared on the Dutch Digital Trust Center, a web portal used by the government, security experts, and Dutch corporations to share information about cybersecurity threats.
“The NCC Group Global Threat Intelligence team has been made aware of significant compromise of the TeamViewer remote access and support platform by an APT group,” warns an alert from the IT security firm NCC Group.
“Due to the widespread usage of this software the following alert is being circulated securely to our customers.”
An alert from Health-ISAC, a community for healthcare professionals to share threat intelligence, also warned today that TeamViewer services were allegedly being actively targeted by the Russian hacking group APT29, also known as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting Teamviewer,” reads the Health-ISAC alert shared by Jeffrey.
“Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools. Teamviewer has been observed being exploited by threat actors associated with APT29.”
APT29 is a Russian advanced persistent threat group linked to Russia’s Foreign Intelligence Service (SVR). The hacking group is known for its cyberespionage abilities and has been linked to numerous attacks over the years, including attacks on Western diplomats and a recent breach of Microsoft’s corporate email environment.
While the alerts from both companies come today, just as TeamViewer disclosed the incident, it is unclear if they are linked, as TeamViewer’s and NCC’s alerts address the corporate breach, while the Health-ISAC alert focuses more on targeting TeamViewer connections.
NCC Group told BleepingComputer that they had nothing further to add when contacted for more information.
“As part of our Threat Intelligence service to our clients, we issue alerts regularly based on a variety of sources and intelligence,” NCC Group told BleepingComputer.
“At this time, we do not have anything further to add to the alert that was sent to our clients.”
BleepingComputer also contacted TeamViewer with questions about the attack but was told no further information would be shared as they investigated the incident.
Update 6/27/24: Added statement from NCC Group.