TeamViewer hit by Russian hackers, second breach after Chinese attack
TeamViewer has fallen victim to Russian hackers. The company had previously faced attacks by Chinese hackers. This time, the security breach occurred when an IT employee's account was taken over.
5 July 2024 07:21
The owners of the TeamViewer software are facing significant problems. According to Sekurak's editorial team, a hacking attack took place. This time, the popular remote access program was targeted by the Russian cybercriminal group APT29. In the past, TeamViewer had been attacked by another group, a Chinese APT group.
TeamViewer’s troubles began on 26 June. At that time, it was reported that there might have been a breach in the corporate network’s security. The security breach concerned the internal network, which remains independent of the production environment. It was stated that there are no suspicions of customer data being compromised.
The next day, NCC Group and Health-ISAC warnings appeared online, directed at these companies’ clients. They stated that the APT29 group had breached the platform’s security and used it in attacks. As cited by Sekurak, users were advised to review event logs for unusual activity related to remote desktop operations.
TeamViewer’s security department responded to this information and issued an update. Analyses revealed that the security breach occurred when an IT employee’s account was taken over.
Russian hackers attacked TeamViewer
TeamViewer confirmed that the APT29 group carried out the attack. It was again emphasised that the attack occurred in the internal environment and did not impact the production environment. The attack did not affect the servers, networks, and accounts that could give access to TeamViewer’s customer infrastructure.
From the published information, it appears that hackers used the compromised account to copy data from the employee directory, including names, company contact details, and encrypted passwords, to the internal IT environment. Sekurak emphasises that TeamViewer admitted to rebuilding the internal environment to make it more trusted. Microsoft helped respond to the attack.