TeamViewer, a popular provider of remote access tools for companies, has confirmed that it is currently experiencing a cyberattack on its corporate network. The company believes that the attack is being carried out by government-backed hackers working for Russian intelligence, specifically the group known as APT29 or Midnight Blizzard.
According to TeamViewer’s statement, the attack seems to have started on June 26 and was initiated through the credentials of a standard employee account within their corporate IT environment. However, the company assures that the breach was contained within their corporate network and that their internal network and customer systems remain separate. They have found no evidence to suggest that the hackers gained access to their product environment or customer data.
Despite this confirmation, TeamViewer has not provided detailed information about the extent of the breach, such as whether any data was accessed or exfiltrated from their network. The company declined to answer specific questions regarding this matter.
TeamViewer is widely used by corporate customers, including major companies like DHL and Coca-Cola, to remotely access devices and computers over the internet. With over 600,000 customers and remote access to more than 2.5 billion devices worldwide, it is a popular choice for businesses. However, its capabilities have also made it a target for malicious hackers who exploit its remote access features to plant malware on victims’ devices.
The exact method through which the TeamViewer employee’s credentials were compromised remains unknown. TeamViewer has not provided any information regarding this aspect of the incident.
APT29, also known as Cozy Bear or The Dukes, has long been associated with Russian intelligence agency SVR. This hacking group is known for its well-resourced and persistent espionage campaigns, often employing simple yet effective techniques like password theft to steal sensitive data. This attack on TeamViewer is just the latest example of APT29’s activities targeting tech companies. Earlier this year, they compromised Microsoft’s corporate network to steal emails from top executives. Microsoft revealed that other tech companies were also compromised during this espionage campaign.
Notably, APT29 was also responsible for the 2019-2020 cyberattack on software firm SolarWinds. This attack resulted in the mass-hacking of several U.S. federal government agencies by means of a malicious backdoor planted in SolarWinds’ software. The compromised software update provided the Russian hackers with access to numerous networks, including those of the Treasury, Justice Department, and the Department of State.
Overall, TeamViewer’s confirmation of a cyberattack on its network highlights the persistent threat posed by government-backed hacking groups like APT29. The incident serves as a reminder for companies to prioritize cybersecurity measures and remain vigilant against potential breaches.
