TeamViewer has confirmed a breach in its internal corporate IT environment, reportedly linked to the Russian cyber-threat group APT-29. The confirmation follows rumors and initial reports on Mastodon, where users highlighted a significant compromise of the remote access platform.
The breach was first disclosed on Mastodon, where a user shared an alert from the NCC Group's Global Threat Intelligence team. The alert indicated that the Health Information Sharing and Analysis Center (Health-ISAC) received information on June 27, 2024, from a trusted partner, revealing that APT-29, also known as Cozy Bear, was actively exploiting TeamViewer. Health-ISAC warned members to inspect their remote desktop traffic for any irregularities.
In a statement posted on their Trust Center webpage, TeamViewer acknowledged detecting an irregularity in their internal corporate IT environment on June 26, 2024. The company says it immediately activated its response team, collaborated with global cybersecurity experts, and implemented remediation measures.
TeamViewer's statement emphasized that its internal corporate IT environment is separate from the product infrastructure, assuring that there is no evidence suggesting the product environment or customer data was affected.
“TeamViewer's internal corporate IT environment is completely independent from the product environment,” reads the firm's statement.
“There is no evidence to suggest that the product environment or customer data is affected.”
TeamViewer, known for its remote access and control capabilities, is installed on over two billion devices worldwide. This breach raises significant concerns given the software's widespread use, particularly in sensitive sectors such as healthcare, government, and big enterprises.
In June 2016, TeamViewer faced scrutiny when hundreds of users reported unauthorized access to their computers, attributed to a security incident involving an address in China. However, the company attributed those incidents to users' poor password practices and denied any inherent security flaws.
Current investigations are focused on ensuring system integrity, and not many details have been shared or confirmed by the company yet. Given the current uncertainty, TeamViewer users in sensitive or critical environments could take aggressive precautions, such as regularly monitoring access logs and even restricting access to TeamViewer until the situation clears up.