TeamViewer has attributed the breach on its internal corporate environment to the notorious Russian cyber-espionage group APT29, also known as Midnight Blizzard or Cozy Bear. The company assures that customer data and the product environment remain unaffected.
TeamViewer, renowned for its remote access and control software, is installed on over two billion devices globally. The platform is particularly crucial in sectors like healthcare, government, and large enterprises. This widespread use magnifies the impact of any potential security breach.
Yesterday, the software company revealed that its internal IT environment had been compromised after it detected “irregular activity.” In an update posted earlier today, TeamViewer revealed that the suspicious activity was linked to the credentials of a standard employee account within the Corporate IT environment. Continuous security monitoring enabled identification of, and an immediate response to, the anomaly, which has now been linked to APT29 operations.
Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard.
TeamViewer
APT29, the threat actor implicated in this incident, is a highly sophisticated group with a history of damaging cyber-attacks. Known for their stealth and advanced techniques, APT29 has been linked to several high-profile breaches, including the 2016 Democratic National Committee hack during the U.S. presidential elections and the SolarWinds attack in 2020, which compromised numerous U.S. government agencies and private sector companies. Their consistent targeting of sensitive information underscores their prominence in the realm of cyber espionage.
TeamViewer reiterated that the attack was contained within the corporate IT environment, with no evidence of access to the product environment or customer data. The firm emphasized its security architecture, highlighting the strict segregation between its corporate IT, its production environment, and the connectivity platform as part of its ‘defense-in-depth’ strategy, which, according to the company, prevented unauthorized access and lateral movement across these systems in this case.
TeamViewer has reassured its stakeholders of its commitment to transparency and security, and promised to provide continuous updates on the investigation through their Trust Center, with the next update expected by the end of the day.
Although it is not yet known whether APT29 managed to pivot to other systems, attempt supply-chain attacks, or compromise customer environments, there is so far no evidence of such an extensive compromise.
Given the potential risks associated with this breach, particularly for users in sensitive environments, it is advisable to:
- Regularly monitor access logs for any unusual activity.
- Implement stricter access controls temporarily.
- Consider restricting access to TeamViewer until the situation is fully resolved.
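As a concrete illustration of the first recommendation, here is a small detection script added for this article (it is not TeamViewer's tooling and not from the company's advisory). It assumes a tab-separated log in the layout TeamViewer's Connections_incoming.txt file uses on Windows (partner ID, partner name, start, end, local user, connection type, connection ID, with dd-mm-yyyy timestamps); the sample log lines, the allow-list of partner IDs and the business-hours window are all constructed for the example. It flags incoming remote-control sessions from partner IDs that are not on an approved list, and sessions that start outside business hours, which are the two simplest "unusual activity" signals a reviewer would look for in these logs.

```python
"""Flag unusual incoming TeamViewer sessions from a Connections_incoming.txt-style log.

Added example, not TeamViewer's own code. The log layout is assumed to match the
tab-separated Connections_incoming.txt format:
    <partner ID> <partner name> <start dd-mm-yyyy HH:MM:SS> <end> <local user> <type> <connection ID>
All sample data below is constructed for illustration.
"""
from datetime import datetime, time
from typing import NamedTuple

# Constructed sample log: two normal helpdesk sessions, one from an unknown
# partner at 02:17, and one from an unapproved partner late at night.
SAMPLE_LOG = """\
123456789\tHelpdesk-Laptop\t26-06-2024 09:12:03\t26-06-2024 09:40:51\tjsmith\tRemoteControl\t{aaaa-1111}
987654321\tUnknownDevice\t26-06-2024 02:17:44\t26-06-2024 03:05:12\tsvc_admin\tRemoteControl\t{bbbb-2222}
123456789\tHelpdesk-Laptop\t27-06-2024 14:05:00\t27-06-2024 14:20:10\tjsmith\tRemoteControl\t{cccc-3333}
555555555\tContractor-PC\t27-06-2024 23:55:30\t28-06-2024 00:30:00\tjsmith\tRemoteControl\t{dddd-4444}
"""

# Constructed allow-list: partner IDs that are approved to connect into this host.
ALLOWED_PARTNER_IDS = {"123456789"}
# Assumed business-hours window for "normal" session starts.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


class Connection(NamedTuple):
    partner_id: str
    partner_name: str
    start: datetime
    end: datetime
    local_user: str
    conn_type: str
    connection_id: str


def parse_log(text: str) -> list[Connection]:
    """Parse the tab-separated log; malformed lines are skipped rather than raising."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue
        pid, name, start, end, user, ctype, cid = fields
        records.append(Connection(
            pid,
            name,
            datetime.strptime(start, "%d-%m-%Y %H:%M:%S"),
            datetime.strptime(end, "%d-%m-%Y %H:%M:%S"),
            user,
            ctype,
            cid,
        ))
    return records


def find_anomalies(records: list[Connection],
                   allowed_ids: set[str] = ALLOWED_PARTNER_IDS) -> list[tuple[str, str]]:
    """Return (connection_id, reason) pairs for sessions that deserve a closer look."""
    findings = []
    for r in records:
        if r.partner_id not in allowed_ids:
            findings.append((r.connection_id,
                             f"partner ID {r.partner_id} ({r.partner_name}) not on allow-list"))
        if not (BUSINESS_START <= r.start.time() <= BUSINESS_END):
            findings.append((r.connection_id,
                             f"session by {r.local_user} started outside business hours at {r.start:%H:%M}"))
    return findings


if __name__ == "__main__":
    for cid, reason in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{cid}: {reason}")
```

Running it against the constructed sample prints four findings, two each for the sessions from partner IDs 987654321 and 555555555; the two helpdesk sessions pass both checks. In practice the allow-list would come from an asset inventory, and the same checks can be run over the real log file by reading it from disk instead of the embedded sample.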