TeamViewer Detects Security Breach in Corporate IT Environment

Cyber Security

Products You May Like

Jun 28, 2024NewsroomData Breach / Enterprise Security

TeamViewer on Thursday disclosed it detected an “irregularity” in its internal corporate IT environment on June 26, 2024.

“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures,” the company said in a statement.

It further noted that its corporate IT environment is completely cut off from the product environment and that there is no evidence to indicate that any customer data has been impacted as a result of the incident.

It did not disclose any details as to who may have been behind the intrusion and how they were able to pull it off, but said an investigation is underway and that it would provide status updates as and when new information becomes available.

Cybersecurity

TeamViewer, based in Germany, is the maker of remote monitoring and management (RMM) software that allows managed service providers (MSPs) and IT departments to manage servers, workstations, network devices, and endpoints. It’s used by over 600,000 customers.

Interestingly, the U.S. Health Information Sharing and Analysis Center (Health-ISAC) has issued a bulletin about threat actors’ active exploitation of TeamViewer, according to the American Hospital Association (AHA).

“Threat actors have been observed leveraging remote access tools,” the non-profit reportedly said. “Teamviewer has been observed being exploited by threat actors associated with APT29.”

It’s currently unclear at this stage whether this means the attackers are abusing shortcomings in TeamViewer to breach customer networks, using poor security practices to infiltrate targets and deploy the software, or they have carried out an attack on TeamViewer’s own systems.

APT29, also called BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, is a state-sponsored threat actor affiliated with the Russian Foreign Intelligence Service (SVR). Recently, it was linked to the breaches of Microsoft and Hewlett Packard Enterprise (HPE).

Cybersecurity

Microsoft has since revealed that some customer email inboxes were also accessed by APT29 following the hack that came to light earlier this year, per reports from Bloomberg and Reuters.

“This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” the tech giant was quoted as saying to the news agency.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

NCLT Approves Merger of Viacom 18, Star India After CCI Nod
OpenAI and Anthropic agree to let U.S. AI Safety Institute test and evaluate new models
PS5 Pro Design, Launch Timeline Leaked; New Console Might Come Without Disc Drive
Human Brains Can Resist Decay for Up to 12,000 Years, Reveals Study
Redmi 14C With 6.88-Inch LCD Screen, MediaTek Helio G81 Chipset Launched: Price, Specifications

Leave a Reply

Your email address will not be published. Required fields are marked *