AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems.
BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
AnyDesk is a remote access solution that allows users to remotely access computers over a network or the internet.
The software is also popular among threat actors who use it for persistent access to breached devices and networks.
In a statement shared with BleepingComputer late Friday afternoon, AnyDesk says they first learned of the attack after detecting indications of an incident on their product servers.
AnyDesk did not share details on whether data was stolen during the attack.
BleepingComputer has learned that the threat actors stole source code and code signing certificates.
The company also confirmed that the attack did not involve ransomware, but it shared little other information beyond saying that their servers were breached; the advisory mainly focuses on how they responded to the attack.
As part of their response, AnyDesk says they have revoked security-related certificates and remediated or replaced systems as necessary.
They also reassured customers that AnyDesk was safe to use and that there was no evidence of end-user devices being affected by the incident.
While the company says that no authentication tokens were stolen, out of caution, AnyDesk is revoking all passwords to their web portal and suggests changing the password if it's used on other sites.
The company has already begun replacing stolen code signing certificates, with Günter Born of BornCity first reporting that they are using a new certificate in AnyDesk version 8.0.8, released on January 29th. The only listed change in the new version is that the company switched to a new code signing certificate and will revoke the old one soon.
The new version is now signed under 'AnyDesk Software GmbH,' with a serial number of 0a8177fcd8936a91b5e0eddf995b0ba5, as shown below.
Certificates are usually not invalidated unless they have been compromised, such as being stolen in attacks or publicly exposed.
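For defenders who want to find installed or portable AnyDesk binaries that are not yet signed with the new certificate, the following PowerShell sketch compares each binary's Authenticode signer against the serial number quoted above. It is an added example, not code from AnyDesk or BleepingComputer; the function name `Test-AnyDeskSigner` and the search paths in the last line are assumptions to adapt to your environment.

```powershell
# Serial number of the new AnyDesk code signing certificate, as quoted in the article.
$NewSerial = '0a8177fcd8936a91b5e0eddf995b0ba5'

function Test-AnyDeskSigner {   # hypothetical helper name (not an AnyDesk tool)
    param(
        [Parameter(Mandatory)] [string[]] $SearchRoot,
        [string] $ExpectedSerial = $NewSerial
    )
    # Enumerate every copy of the client under the given roots, including
    # portable copies dropped outside the normal install directory.
    Get-ChildItem -Path $SearchRoot -Filter 'AnyDesk*.exe' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate

            # Classify: no signature, signature that fails validation,
            # signed with the serial from the article, or signed with anything else.
            $verdict = if (-not $cert) { 'UNSIGNED' }
                elseif ($sig.Status -ne 'Valid') { "INVALID ($($sig.Status))" }
                elseif ($cert.SerialNumber -eq $ExpectedSerial) { 'NEW-CERT' }
                else { 'OTHER-CERT' }

            [pscustomobject]@{
                Verdict     = $verdict
                FileVersion = $_.VersionInfo.FileVersion
                Signer      = if ($cert) { $cert.Subject } else { $null }
                Serial      = if ($cert) { $cert.SerialNumber } else { $null }
                Path        = $_.FullName
            }
        }
}

# Assumed search locations: the default 32-bit install directory and user profiles.
Test-AnyDeskSigner -SearchRoot "${env:ProgramFiles(x86)}\AnyDesk", 'C:\Users' |
    Sort-Object Verdict | Format-Table -AutoSize
```

Rows marked `OTHER-CERT` are copies signed with a certificate other than the one named in the article (for example, builds older than 8.0.8) and are candidates for upgrade or review; `UNSIGNED` and `INVALID` rows warrant investigation.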
While AnyDesk had not shared when the breach occurred, Born reported that AnyDesk suffered a four-day outage starting on January 29th, during which the company disabled the ability to log in to the AnyDesk client.
Yesterday, access was restored, allowing users to log in to their accounts, but AnyDesk did not provide any reason for the maintenance.
AnyDesk confirmed to BleepingComputer that this maintenance is related to the cybersecurity incident.
While AnyDesk says that passwords were not stolen in the attack, the threat actors did gain access to production systems, so it is strongly advised that all AnyDesk users change their passwords.
If they use their AnyDesk password at other sites, it should be changed there as well.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 02 Feb 2024 23:40:10 +0000