TeamViewer, a leading provider of remote access tools, has confirmed that its corporate network has been hacked by Russian spies.
The software firm warned that the culprit behind this breach was APT29, which is popularly known as Midnight Blizzard, a notorious group of state-sponsored cybercriminals.
No Evidence of Customer Data Access
(Photo : TeamViewer)
The APT hacking group allegedly breached TeamViewer's corporate network on June 26. However, no evidence that the spies gained access to customer data.
As posted in TeamViewer IT Security update, the initial intrusion, which occurred on June 26, involved credentials from a standard employee account within TeamViewer's corporate IT environment.
TeamViewer assured that the attack was contained to its corporate network, with no evidence suggesting the hackers accessed their product environment or customer data. The company's internal network and customer systems remain separate to guarantee data security.
TechCrunch reached out to TeamViewer's spokesperson Martina Dier about the latest cybersecurity incident. However, she declined to respond regarding the technical ability to determine data access or exfiltration.
Despite this, the remote access tool maker clarified that there is no indication of customer data compromise.
The compromise of an employee's credentials raises concerns about the security measures in place and there's no doubt about that. TeamViewer has not disclosed how these credentials were compromised, which leaves unanswered questions about potential vulnerabilities.
Related Article: Blackberry Report Claims 7,500 New Malware Threats are Created Every Day
How Impactful is TeamViewer in the Tech Sector
TeamViewer is a prominent player in the remote access tools market, serving major clients such as DHL and Coca-Cola. The company supports remote access to over 2.5 billion devices globally and boasts more than 600,000 paying customers. However, its tools have also been exploited by malicious hackers for remote malware installation on victims' devices.
It's important to note that it's the latest tech company to fall victim to APT29.
Earlier this year, the same group breached Microsoft's corporate network, accessing emails from top executives to gather intelligence on the investigation into their own activities. This espionage campaign affected other tech companies and led to the theft of federal government emails hosted on Microsoft's cloud.
The most recent attack was the data breach where customer emails where stolen, Microsoft said.
What is APT29 Before TeamViewer Hack?
APT29, associated with Russia's foreign intelligence service (SVR), is known for its persistent and resourceful hacking campaigns. Although the group has a predictable method of deploying malicious schemes, its approach is straightforward but effective.
As such, the Russian hackers are dept in password-stealing campaigns and other spying-related operations.
Historical Context of APT29 Attacks
APT29 was also responsible for the 2019-2020 SolarWinds espionage campaign. This attack involved planting a malicious backdoor in SolarWinds' software, which was then distributed to its customers.
The breach provided Russian hackers access to numerous U.S. federal agencies, including the Treasury, Justice Department, and Department of State.
"As part of our Threat Intelligence service to our clients, we issue alerts on a regular basis based on a variety of sources and intelligence. At this time, we do not have anything further to add to the alert that was sent to our clients," NCC Group told BleepingComputer when asked about the TeamViewer hack.
Read Also: New Next Up Anytime Add-On to Roll Out on All AT&T's Wireless Plans Next Month
