TeamViewer detects data breach and researchers attribute it to APT29

Remote access software maker TeamViewer has announced that it detected suspicious activity on its network, and researchers claim that an APT group breached its systems.

The company issued a brief statement earlier this week announcing the incident.

“On Wednesday, June 26, 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said.

“We immediately activated our response team and procedures, initiated investigations alongside a team of world-renowned cybersecurity experts, and implemented any necessary corrective measures.”

TeamViewer emphasized that its corporate IT environment and its product environment are separate entities and that there is nothing to suggest that the product environment or customer data has been affected.

“Investigations are ongoing and our primary goal remains to ensure the integrity of our systems,” TeamViewer said.

“Safety is of utmost importance to us, it is deeply ingrained in our DNA. Therefore, we value transparent communication and will continually update the status of our investigations as new information becomes available.”

While TeamViewer was hesitant to use the words cyberattack or data breach, researchers believe the Russian APT group APT29, also known as Cozy Bear, was behind the attack.

APT29 is a group believed to be connected to the Russian Foreign Intelligence Service (SVR). It is generally known for targeting European governments, research institutes, and NATO members.

News of the breach was first reported by IT researcher Jeffrey on Mastodon, who shared that NCC Group Global Threat Intelligence accused an APT group of being responsible.

“NCC Group’s Global Threat Intelligence team has been informed of a significant compromise of the TeamViewer remote access and support platform by a group of APTs. Due to the widespread use of this software, the following alert is securely distributed to our customers,” NCC Group said in the notice shared by Jeffrey.

Just hours later, Jeffrey shared that Health-ISAC concluded that Cozy Bear was behind the incident.

“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting TeamViewer. Health-ISAC recommends reviewing the logs for any unusual traffic to the remote desktop. Threat actors have been observed to take advantage of remote access tools,” Health-ISAC said in the statement shared by Jeffrey.

“TeamViewer has been observed to be exploited by threat actors associated with APT29.”
