TeamViewer on Thursday disclosed it detected an “irregularity” in its internal corporate IT environment on June 26, 2024.
“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures,” the company said in a statement.
It further noted that its corporate IT environment is completely cut off from the product environment and that there is no evidence to indicate that any customer data has been impacted as a result of the incident.
It did not disclose any details as to who may have been behind the intrusion and how they were able to pull it off, but said an investigation is underway and that it would provide status updates as and when new information becomes available.
TeamViewer, based in Germany, is the maker of remote monitoring and management (RMM) software that allows managed service providers (MSPs) and IT departments to manage servers, workstations, network devices, and endpoints. It is used by over 600,000 customers.
Apparently, the U.S. Health Information Sharing and Analysis Center (Health-ISAC) has issued a bulletin about threat actors’ active exploitation of TeamViewer, according to the American Hospital Association (AHA).
“Threat actors have been observed leveraging remote access tools,” the non-profit reportedly said. “Teamviewer has been observed being exploited by threat actors associated with APT29.”
It is currently unclear whether this means the attackers are abusing shortcomings in TeamViewer to breach customer networks, using poor security practices to infiltrate targets and deploy the software, or have carried out an attack on TeamViewer’s own systems.
APT29, also called BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, is a state-sponsored threat actor affiliated with the Russian Foreign Intelligence Service (SVR). Recently, it was linked to the breaches of Microsoft and Hewlett Packard Enterprise (HPE).
Microsoft has since revealed that some customer email inboxes were also accessed by APT29 following the hack that came to light earlier this year, per reports from Bloomberg and Reuters.
“This week we’re continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” the tech giant was quoted as saying to the news agency.