TeamViewer Identifies a Security Failure in a Business IT Infrastructure

TeamViewer Identifies a Security Failure

TeamViewer Identifies a Security Failure in a Business IT Infrastructure

On Thursday, TeamViewer said that on June 26, 2024, it discovered an “irregularity” in the information technology environment working within its corporate headquarters.

“We quickly engaged our response team and processes, began inspections with the help of a group of world-renowned cyber security experts, and then carried out required remediation measures,” according to a statement released by the organization.

In addition, it was mentioned that the company’s corporate information technology infrastructure is totally isolated from the product environment and that there is no evidence to suggest that any customer data has been affected as a consequence of the incident.

The organization did not reveal any information regarding the possible perpetrators of the breach or the means by which they were able to carry it out. However, it did state that an investigation is currently being conducted and that it will offer status updates as and when new information becomes available.

The company TeamViewer, which has its headquarters in Germany, is a manufacturer of remote monitoring and management (RMM) software. This software gives managed service providers (MSPs) and IT departments the ability to control endpoints, servers, workstations, and network devices alike. There are more than 600,000 customers who use it.

According to the American Hospital Association (AHA), the United States Health Information Sharing and Analysis Center (Health-ISAC) has published an alert regarding the active exploitation of TeamViewer by threat actors. This is an interesting development.

“Threat actors have been observed leveraging remote access tools,” the non-profit organization reportedly stated in a statement. “Teamviewer has been observed being exploited by threat actors associated with APT29.”

At this point in time, it is not obvious whether this indicates that the attackers are exploiting vulnerabilities in TeamViewer in order to access customer networks, that they are employing inadequate security procedures in order to infiltrate targets and deploy the software, or that they have carried out an attack on TeamViewer’s own systems.

BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes are all names that have been used to refer to APT29, which is a threat actor that is supported by the Russian government and is linked with the Russian Foreign Intelligence Service (SVR). A connection was made between it and the data breaches that occurred at Microsoft and Hewlett-Packard Enterprise (HPE) last week.

According to reports from Bloomberg and Reuters, Microsoft has since disclosed that APT29 not only gained access to the email inboxes of some customers but also accessed the email accounts of other customers after the attack that was discovered earlier this year.

“We keep sending alerts to clients who interacted with Microsoft business email accounts that were stolen by the Midnight Blizzard threat actor,” the tech giant was reported as stating to the news agency. “This week, we are continuing notifications to customers.”

APT29 is Officially Held Responsible for the Attack.

The attack was ascribed to APT29, according to an update that was released by TeamViewer on Friday. The update stated that the attack targeted the credentials that were linked with an employee account within the company’s corporate IT infrastructure.

“Depending on constant surveillance of security, our teams detected unusual activity of this account and promptly put incident response procedures into action,” it stated in a revised alert that was issued. “There is no evidence that the threat actor gained access to our product environment or customer data.”

The NCC Group, which initially informed the public about the breach through a limited disclosure because of the broad use of the program, has suggested that the software be removed “until additional details are known about the type of compromise TeamViewer has been subjected to.”

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM.  Naager entered the field of content in an unusual way.  He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts.  He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field.  In the bottom line, he frequently writes for Craw Security.


APT33: A Deeper Dive into a Famous Cyber Espionage Group

8220 Gang Uses Oracle WebLogic Server Errors to Mine Cryptocurrency

Hijacked Polyfill Supply Chain Attack Impacts More Than 110,000 Websites

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Can we help you?