TeamViewer Confirms Security Breach by Russian Midnight Blizzard Group


TeamViewer reassures users after a security breach targeted an employee account. The company claims no customer data was compromised, but the incident involved a suspected Russian hacking group. Is your TeamViewer account safe? Learn more and how to protect yourself.

TeamViewer, a leading Goeppingen, Germany-based remote access and support software company, has confirmed a security breach in its internal corporate IT environment. The incident, first detected on June 26, 2024, has been attributed to the Russian threat actor known as APT29 or Midnight Blizzard, according to the latest update from the company.

In an initial statement released on June 27, TeamViewer reported that their security team had detected an “irregularity” in their internal corporate IT environment. The company immediately activated its response team and began investigations with the help of globally renowned cybersecurity experts.

A follow-up statement on June 28 provided more details about the breach. The attack is believed to have originated from compromised credentials of a standard employee account within the corporate IT environment. TeamViewer’s security teams identified suspicious behaviour associated with this account and swiftly implemented incident response measures.

Importantly, TeamViewer has emphasized that its internal corporate IT environment is completely separate from its product environment. The company stated, “Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data.”

TeamViewer highlighted its “defence-in-depth” approach, which includes strong segregation between corporate IT, the production environment, and the TeamViewer connectivity platform. This architecture is designed to prevent unauthorized access and lateral movement between different environments.

The company has been working closely with globally leading cybersecurity experts and relevant government authorities to investigate the incident thoroughly. TeamViewer has committed to transparent communication and will continue to provide updates through its Trust Center as new information becomes available.

As of the latest update, TeamViewer has reconfirmed its earlier statements that the attack was contained within the internal corporate IT environment and did not affect the product environment, connectivity platform, or any customer data.

The company has stressed that security is of utmost importance and is “deeply rooted in our DNA.” TeamViewer plans to continue its investigation over the coming days to gather more evidence and explore all investigative options.

Paul Bischoff, Consumer Privacy Advocate at Comparitech commented on the breach and warned of possible attacks on TeamView employees in the future, “TeamViewer attributed the attack to Cozy Bear, or ATP 29, a state-sponsored Russian hacking group. They are not your run-of-the-mill, financially-motivated attackers. Thankfully, hackers only broke into TeamViewer’s corporate environment, so we shouldn’t have to worry about zero-day exploits in TeamViewer software,” he said.

“TeamViewer employees and customers might be at risk of personal data theft, but it could be months before TeamViewer finishes an investigation to find out who was impacted,” Paul warned.

Now Russia Previously China

As of June 2024, TeamViewer is installed on over 640,000 devices worldwide. This not only makes it a successful business but also a lucrative target for cybercriminals. In 2019, it was reported that TeamViewer had been compromised in 2016 by Chinese state-sponsored cybercriminals.

Importance of Employee Training

While details of how the employee had their account compromised are still under investigation, it is important to understand that employee cybersecurity training is a must. Therefore, comprehensive and ongoing cybersecurity training is essential for TeamViewer employees to recognize and prevent potential threats.

Educating staff on best practices, phishing detection, and secure password management can significantly reduce the risk of such incidents. Investing in employee cybersecurity awareness ensures a robust first line of defence against cyber attacks.

Nevertheless, this incident serves as a reminder of the ongoing threats faced by technology companies and the importance of robust cybersecurity measures. As the investigation continues, users and stakeholders are advised to stay informed through official channels and follow any recommendations provided by TeamViewer.

  1. Fake TeamViewer Installer Used to Deliver njRAT Malware
  2. Employee PC hacked via TeamViewer for water supply poisoning
  3. Fake TeamViewer download ads distributing new ZLoader variant
  4. Hackers targeting embassies with trojanized version of TeamViewer
  5. TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware





Source link