Remote access software company TeamViewer has announced that it detected suspicious activity on its network, with researchers claiming that an APT group breached its systems.
The company released a brief statement earlier this week announcing the incident.
“On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said.
“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures.”
TeamViewer stressed that its corporate IT environment and product environment are separate entities and that there is nothing to suggest that the product environment or any customer data was affected.
“Investigations are ongoing, and our primary focus remains to ensure the integrity of our systems,” TeamViewer said.
“Security is of utmost importance for us, it is deeply rooted in our DNA. Therefore, we value transparent communication and will continuously update the status of our investigations as new information becomes available.”
While TeamViewer was hesitant to use the words cyber attack or data breach, researchers believe that Russian APT group APT29, also known as Cozy Bear, was behind the attack.
APT29 is a group believed to be connected to Russia’s Foreign Intelligence Service (SVR). It is typically known for targeting European and NATO member governments and research institutes.
News of the breach was first reported by IT researcher Jeffrey on Mastodon, who shared that NCC Group Global Threat Intelligence accused an APT group of being responsible.
“The NCC Group Global Threat Intelligence team has been made aware of significant compromise of the TeamViewer remote access and support platform by an APT group. Due to the widespread usage of this software the following alert is being circulated securely to our customers,” the NCC Group said in the notice shared by Jeffrey.
Just hours afterwards, Jeffrey shared that Health-ISAC concluded Cozy Bear was behind the incident.
“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting TeamViewer. Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools,” Health-ISAC said in the statement shared by Jeffrey.
“TeamViewer has been observed being exploited by threat actors associated with APT29.”