![TeamViewer Detects Security Breach in Internal IT System](https://www.cloudways.com/blog/wp-content/uploads/Main-Image_750x394-198.jpg)
TeamViewer disclosed on Thursday that it detected an “irregularity” in its internal corporate IT environment on June 26, 2024.
“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cybersecurity experts, and implemented necessary remediation measures,” the company stated.
TeamViewer emphasized that its corporate IT environment is completely isolated from the product environment, and there is no evidence suggesting that any customer data has been impacted by the incident.
The company did not provide details about the perpetrators or the methods used in the breach, but an investigation is underway, and status updates will be provided as new information emerges.
> 🚨 TeamViewer’s corporate network breached by APT hacking group. Internal IT affected, product & customer data safe. APT29 (Cozy Bear) suspected. Stay vigilant! #CyberSecurity #TeamViewer #APT #Breach
>
> — 3C N-SOC (@3cSoc) June 28, 2024
TeamViewer, based in Germany, develops remote monitoring and management (RMM) software used by over 600,000 customers, including managed service providers (MSPs) and IT departments, to manage servers, workstations, network devices, and endpoints.
Interestingly, the U.S. Health Information Sharing and Analysis Center (Health-ISAC) issued a bulletin regarding threat actors’ active exploitation of TeamViewer, according to the American Hospital Association (AHA). The AHA noted, “Threat actors have been observed leveraging remote access tools. TeamViewer has been observed being exploited by threat actors associated with APT29.”
It’s unclear whether the attackers are exploiting vulnerabilities in TeamViewer to breach customer networks, taking advantage of poor security practices to infiltrate targets, or whether they attacked TeamViewer’s own systems.
APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, is a state-sponsored threat actor linked to the Russian Foreign Intelligence Service (SVR). Recently, APT29 was connected to breaches involving Microsoft and Hewlett Packard Enterprise (HPE).
> #TeamViewer updated its #security alert this morning to say that the attack was “tied to credentials of a standard employee account within our Corporate IT environment,” and confirmed reports that APT29 was behind the attack
>
> — Lindsey O’Donnell Welch (@LindseyOD123) June 28, 2024
Microsoft revealed that some customer email inboxes were accessed by APT29 following a hack disclosed earlier this year. “This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” the tech giant stated.
It’s crucial for organizations to remain vigilant and enhance their cybersecurity measures to prevent such breaches and protect sensitive information.
Abdul Rehman