TeamViewer’s corporate network breached in alleged APT hack

By news2source.com


Remote access software company TeamViewer says its corporate environment was breached in a cyberattack, which a cybersecurity company claims was carried out by an APT hacking group.

“On Wednesday, June 26, 2024, our security team detected a breach in TeamViewer’s internal corporate IT environment,” TeamViewer said in a post to its Trust Center.

“We immediately activated our response team and processes, launched an investigation together with a team of globally renowned cybersecurity experts, and implemented the necessary remediation measures.”

“TeamViewer’s internal corporate IT environment is completely independent from the product environment. There is no evidence to suggest that the product environment or customer data has been impacted. The investigation is ongoing and our primary focus is on ensuring the integrity of our systems.”

The company says it plans to be forthcoming regarding the breach and to frequently update the status of its investigation as additional information becomes available.

However, although the company says it aims to be transparent, the “TeamViewer IT Security Updates” web page includes a <meta name="robots" content="noindex"> HTML tag, which prevents the document from being indexed by search engines like Google and thus makes it difficult to find.

TeamViewer is an extremely popular remote access tool that allows users to remotely control a computer and use it as if they were sitting in front of the device. The company says its product is used by more than 640,000 customers worldwide and has been installed on more than 2.5 billion devices since the company launched.

While TeamViewer says there is no evidence that its product environment or customer data has been breached, its widespread use in both consumer and corporate environments makes any breach a significant concern, as it would provide full access to internal networks.

In 2019, TeamViewer confirmed a 2016 breach linked to Chinese threat actors due to their use of the Winnti backdoor. The company said it did not disclose the breach at the time because no data was stolen in the attack.

APT group accused of attack

The breach was first reported on Mastodon by Jeffrey, an IT security expert, who shared parts of an alert posted on the Dutch Digital Trust Center, a web portal used by the government, security experts, and Dutch companies to share details about cybersecurity threats.

“The NCC Group Global Threat Intelligence team has been made aware of the significant compromise of the TeamViewer remote access and support platform by an APT group,” warned the alert from IT security company NCC Group.

“Due to the widespread use of this software the following alert is being safely disseminated to our customers.”

An alert from Health-ISAC, a community for healthcare professionals to share threat intelligence, recently warned that TeamViewer services were reportedly being actively targeted by the Russian hacking group APT29, also known as Cozy Bear, NOBELIUM, and Midnight Blizzard.

“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting TeamViewer,” said the Health-ISAC alert shared by Jeffrey.

“Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools. TeamViewer has been observed being exploited by threat actors associated with APT29.”

APT29 is a Russian advanced persistent threat group linked to Russia’s Foreign Intelligence Service (SVR). The hacking group is known for its cyber espionage capabilities and has been linked to various attacks over the years, including attacks on Western diplomats and the recent breach of Microsoft’s corporate email environment.

Although the alerts from both organizations arrived just as TeamViewer disclosed the incident, it is unclear whether they are connected, as the TeamViewer and NCC alerts address the corporate breach, while the Health-ISAC alert focuses more on TeamViewer connections.

NCC Group told BleepingComputer that it had nothing additional to add when contacted for further information.

“As part of our threat intelligence service to our clients, we issue alerts on a regular basis based on a variety of sources and intelligence,” NCC Group told BleepingComputer.

“At this time, we have nothing further to add to the alerts sent to our customers.”

BleepingComputer also contacted TeamViewer with questions regarding the attack, but was told that no further information would be shared while the incident was being investigated.

Update 6/27/24: Added statement from NCC Group.

