TeamViewer, the global leader in remote connectivity solutions, has provided an update on the cyber attack detected on June 26, 2024.
The company has concluded the main incident response and investigation phase, confirming that the breach was contained in its internal corporate IT environment.
Data Integrity Secured
Eight days after the initial detection of the cyber security incident, TeamViewer, in collaboration with leading cyber security experts from Microsoft, has reconfirmed that the attack did not affect its product environment, connectivity platform, or any customer data.
This assurance comes as a relief to millions of users who rely on TeamViewer’s software for secure remote access and support.
The company says, “These findings confirm that our software solutions have always been safe to use. We appreciate our customers’ continued trust in our products, security posture, and incident response capabilities.”
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Security Measures and Response
TeamViewer’s swift response to the incident involved immediate remediation measures and the establishment of additional protection layers.
The company reports no suspicious activity in its internal corporate IT environment since the attack was blocked.
The investigation revealed that the threat actor leveraged a compromised employee account to access the internal corporate IT environment.
The attackers copied employee directory data, including names, corporate contact information, and encrypted employee passwords.
However, Microsoft’s cyber security experts have mitigated the risk associated with these encrypted passwords.
TeamViewer has since hardened its employee authentication procedures and implemented stronger protection layers.
The company has also rebuilt its internal corporate IT environment to ensure a fully trusted state.
Despite concluding the main investigation phase, TeamViewer remains vigilant.
The company monitors the situation closely and maintains a robust security posture.
“Security remains core to our DNA, and we will continue to invest in our best-in-class cyber security posture as we have done in recent years,” the statement reads.
Timeline of Events
June 26, 2024: TeamViewer’s security team detected an irregularity in the internal corporate IT environment. Immediate response measures were activated, and investigations began with the help of globally renowned cybersecurity experts.
June 27, 2024: TeamViewer confirmed that the attack was contained within the corporate IT environment and did not affect the product environment or customer data. The company attributed the activity to the threat actor known as APT29 / Midnight Blizzard.
June 28, 2024: Further investigations reconfirmed that the attack was limited to the internal corporate IT environment. TeamViewer continued to work with cyber security experts and relevant authorities to enrich the collected evidence.
June 30, 2024: TeamViewer reconfirmed that the attack did not touch the product environment, connectivity platform, or customer data. The company informed employees and relevant authorities and began rebuilding the internal corporate IT environment.
July 4, 2024: TeamViewer concluded the main incident response and investigation phase, confirming that the incident was contained in the internal corporate IT environment. The company assured customers that its software solutions remained safe to use throughout the incident.
TeamViewer’s transparent communication and swift response to the cyber attack have demonstrated its commitment to security.
The company’s proactive measures and collaboration with leading cybersecurity experts have ensured the integrity of its systems and the safety of customer data.
As TeamViewer continues to monitor the situation, customers can remain confident in the security of the company’s remote connectivity solutions.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo