TeamViewer has warned users that it may have suffered a security breach, but says it does not appear that any company or customer data has been affected.
A statement on the TeamViewer Trust Center site indicated that on June 26 the company detected an “irregularity” in its internal corporate IT environment, which it attributed to the notorious APT29/Midnight Blizzard cybercriminal gang.
“Based on the current investigation findings, the attack was contained within the corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data,” the company added.
Meaningful engagement
The remote access giant said it had activated its response team and procedures, hired outside cybersecurity experts to help with the issue and “implemented necessary corrective measures.”
“Following best practice architecture, we have strong segregation of corporate IT, production environment and TeamViewer connectivity platform,” it added.
“This means we keep all servers, networks and accounts strictly separated to help prevent unauthorized access and lateral movement between different environments. This segregation is one of multiple layers of protection in our 'defense in depth' approach.”
Meanwhile, other security companies are becoming aware of the attack and sharing more details. As spotted by The Register, NCC Group Global is warning its customers about an advanced persistent threat (APT) that is causing a “significant compromise of the TeamViewer remote access and support platform.”
At the same time, the US Health Information Sharing and Analysis Center (H-ISAC) says hackers are “actively exploiting” TeamViewer, Emsisoft researchers discovered. H-ISAC users should keep a close eye on their remote desktop protocol traffic for anything unusual, the organization apparently said.
For its part, TeamViewer noted that “security is of utmost importance to us, it is deeply rooted in our DNA. Therefore, we are committed to transparent communication with interested parties.”
For the uninitiated, APT29 is also known as Cozy Bear and is believed to be a Russian state-sponsored threat actor. It is best known for an attack on Microsoft that allowed it to steal emails from the accounts of officials working at various US federal agencies.