TeamViewer hit by Russian hackers, second breach after Chinese attack

TeamViewer has fallen victim to Russian hackers. The company had previously faced attacks by Chinese hackers. This time, the security breach occurred when an IT employee's account was taken over.

5 July 2024 07:21

The owners of the TeamViewer software are facing significant problems. According to Sekurak's editorial team, a hacking attack took place. This time, the popular remote access program was targeted by the Russian cybercriminal group APT29. In the past, TeamViewer had been attacked by another group, a Chinese APT group.

TeamViewer’s troubles began on 26 June. At that time, it was reported that there might have been a breach in the corporate network’s security. The security breach concerned the internal network, which remains independent of the production environment. It was stated that there are no suspicions of customer data being compromised.

The next day, NCC Group and Health-ISAC warnings appeared online, directed at these companies’ clients. They stated that the APT29 group had breached the platform’s security and used it in attacks. As cited by Sekurak, users were advised to review event logs for unusual activity related to remote desktop operations.

TeamViewer’s security department responded to this information and issued an update. Analyses revealed that the security breach occurred when an IT employee’s account was taken over.

Russian hackers attacked TeamViewer

TeamViewer confirmed that the APT29 group carried out the attack. It was again emphasised that the attack occurred in the internal environment and did not impact the production environment. The attack did not affect the servers, networks, and accounts that could give access to TeamViewer’s customer infrastructure.

From the published information, it appears that the hackers used the compromised account to copy employee directory data, including names, company contact details, and encrypted passwords for the internal IT environment. Sekurak emphasises that TeamViewer admitted to rebuilding the internal environment to make it more trusted. Microsoft assisted in the response to the attack.
