TeamViewer Corporate Environment Breached by APT Group

by | Jun 28, 2024 | News




 

TeamViewer, a remote access software company, has announced that its corporate environment was breached in a cyberattack on June 26, 2024. According to a cybersecurity firm, the attack is believed to have been carried out by an advanced persistent threat (APT) hacking group.

Immediate Response to Breach

“On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer stated in a post on its Trust Center. The company activated its response team, initiated investigations with globally renowned cybersecurity experts, and implemented necessary remediation measures.

TeamViewer emphasized that its internal corporate IT environment is separate from its product environment, and there is currently no evidence to suggest that the product environment or customer data has been affected. Investigations are ongoing, with the company focusing on ensuring the integrity of its systems.

Transparency and Search Engine Blocking

While TeamViewer aims to be transparent about the breach and plans to provide continuous updates, its “TeamViewer IT security update” page contains a <meta name="robots" content="noindex"> HTML tag. This tag tells search engines not to index the page, making it hard to find.


Background and Impact

TeamViewer is widely used for remote access, allowing users to control computers as if they were in front of the device. With over 640,000 customers worldwide and installations on over 2.5 billion devices, any breach is significant due to the potential for full access to internal networks.

This incident follows a 2016 breach linked to Chinese threat actors using the Winnti backdoor. Although data was not stolen, the 2019 confirmation of the breach highlighted potential security risks.

Alleged APT Group Involvement

News of the breach was first reported by IT security professional Jeffrey on Mastodon, who shared parts of an alert from the Dutch Digital Trust Center. The alert from the NCC Group Global Threat Intelligence team mentioned a significant compromise of the TeamViewer platform by an APT group.

An additional alert from Health-ISAC, a community for healthcare professionals to share threat intelligence, warned that the Russian hacking group APT29, also known as Cozy Bear, NOBELIUM, and Midnight Blizzard, is actively exploiting TeamViewer.

“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting TeamViewer,” reads the alert. Health-ISAC advised reviewing logs for unusual remote desktop traffic and noted that threat actors have been observed leveraging remote access tools, including TeamViewer.
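The log review Health-ISAC recommends can be partly automated. The Python sketch below is an added example, not code from TeamViewer, Health-ISAC or the original article. It assumes the tab-separated layout of TeamViewer's Connections_incoming.txt shown in the comments, and the sample lines, the allowlist of known IDs and the working-hours window are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample. Assumed layout of Connections_incoming.txt (tab-separated):
# remote ID, display name, start, end, local user, connection type, session id.
SAMPLE_LOG = "\n".join([
    "111222333\tHELPDESK-01\t24-06-2024 09:12:04\t24-06-2024 09:40:51\tjdoe\tRemoteControl\t{constructed-1}",
    "111222333\tHELPDESK-01\t25-06-2024 14:03:10\t25-06-2024 14:20:00\tjdoe\tRemoteControl\t{constructed-2}",
    "999888777\tDESKTOP-X\t26-06-2024 02:47:33\t26-06-2024 04:15:09\tjdoe\tRemoteControl\t{constructed-3}",
    "111222333\tHELPDESK-01\t27-06-2024 23:30:00\t27-06-2024 23:35:00\tjdoe\tFileTransfer\t{constructed-4}",
    "malformed line without tabs",
])

KNOWN_IDS = {"111222333"}      # hypothetical allowlist of support-desk IDs
WORK_HOURS = range(7, 19)      # hypothetical policy: 07:00-18:59 UTC
TS_FORMAT = "%d-%m-%Y %H:%M:%S"

def parse_line(line):
    """Return a session dict, or None when the line does not parse."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 6:
        return None
    try:
        start = datetime.strptime(fields[2], TS_FORMAT)
        end = datetime.strptime(fields[3], TS_FORMAT)
    except ValueError:
        return None
    return {"remote_id": fields[0], "name": fields[1], "start": start,
            "end": end, "local_user": fields[4], "type": fields[5]}

def review(log_text, known_ids=KNOWN_IDS, work_hours=WORK_HOURS):
    """Return (session, reasons) pairs to triage plus unparsed lines."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        session = parse_line(line)
        if session is None:
            unparsed.append(line)   # keep for manual review, never drop silently
            continue
        reasons = []
        if session["remote_id"] not in known_ids:
            reasons.append("unknown remote ID")
        if session["start"].hour not in work_hours:
            reasons.append("outside working hours")
        if reasons:
            findings.append((session, reasons))
    return findings, unparsed

if __name__ == "__main__":
    for session, reasons in review(SAMPLE_LOG)[0]:
        print(session["start"], session["remote_id"], session["type"], reasons)
```

Flagged sessions are triage leads rather than proof of compromise; lines that fail to parse are returned separately so that a truncated or altered log is noticed instead of skipped.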




APT29 and Cyberespionage

APT29 is a Russian advanced persistent threat group linked to Russia’s Foreign Intelligence Service (SVR). Known for its cyberespionage capabilities, APT29 has been involved in numerous attacks over the years, including breaches of Western diplomats’ communications and a recent breach of Microsoft’s corporate email environment.

Ongoing Investigations and Security Measures

While the NCC and Health-ISAC alerts coincide with TeamViewer’s disclosure of the incident, it is unclear if they are directly linked. The NCC Group mentioned that they issue alerts regularly based on various intelligence sources but did not provide additional details about the specific breach.

BleepingComputer contacted TeamViewer for further information but was told that no additional details would be shared while the investigation is ongoing.


Source: bleepingcomputer.com
