TeamViewer has warned users that a breach may have occurred, but has reassured that it appears no company or customer data was affected.
A statement on the TeamViewer Trust Center site said that on June 26, the company discovered an “irregularity” in the company’s internal corporate IT environment that it attributed to the infamous cybercrime gang APT29/Midnight Blizzard.
“Based on the current investigation findings, the attack was limited to the company’s IT environment and there is no evidence that the attacker gained access to our product environment or customer data,” the company said.
Significant compromise
The remote access giant said it had activated its response team and procedures, brought in external cybersecurity experts to assist with the issue and “implemented the necessary remediation measures.”
“Following the best-practice architecture, we have implemented a strong separation of the corporate IT, the production environment and the TeamViewer connectivity platform,” it added.
“This means that we keep all servers, networks and accounts strictly separated to prevent unauthorized access and lateral movement between different environments. This separation is one of multiple layers of protection in our ‘defense in depth’ approach.”
At the same time, other security companies are picking up on the attack and sharing more details. As noted by The registerNCC Group Global is warning its customers about an advanced persistent threat (APT) that is causing a “significant breach of the TeamViewer remote access and support platform.”
At the same time, the U.S. Health Information Sharing and Analysis Center (H-ISAC) says hackers are “actively abusing” TeamViewer, researchers at Emsisoft found. H-ISAC users should closely monitor their remote desktop protocol for unusual traffic, the organization said.
For its part, TeamViewer noted that “safety is of the utmost importance to us, it is deeply ingrained in our DNA. That is why we are committed to transparent communication to stakeholders.”
For the uninitiated, APT29 is also known as Cozy Bear and is considered a Russian state-sponsored threat actor. It is best known for an attack on Microsoft that allowed it to steal emails from the accounts of officials working at various US federal agencies.