AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems.
BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
AnyDesk is a remote access solution that allows users to remotely access computers over a network or the internet.
The program is very popular with the enterprise, which use it for remote support or to access colocated servers.
The software is also popular among threat actors who use it for persistent access to breached devices and networks.
In a statement shared with BleepingComputer, AnyDesk says they first learned of the attack after detecting indications of an incident on their product servers.
AnyDesk says they have revoked security-related certificates and replaced systems as necessary.
They also reassured customers that AnyDesk was safe to use and that there was no evidence of end-user devices being affected by the incident.
AnyDesk did not share any on whether anything was stolen during the attack.
BleepingComputer has learned that the threat actors accessed source code and code signing certificates.
While the company says that no authentication tokens were stolen, out of caution, AnyDesk is revoking all passwords to their web portal and suggests changing the password if it's used on other sites.
The company has already begun replacing stolen code signing certificates, with Günter Born of BornCity first reporting that they are using a new certificate in AnyDesk version 8.0.8, released on January 29th. The only listed change in the new version is that the company switched to a new code signing certificate and will revoke the old one soon.
The new version is now signed under 'AnyDesk Software GmbH,' with a serial number of 0a8177fcd8936a91b5e0eddf995b0ba5, as shown below.
While AnyDesk had not shared when the breach occurred, Born reported that AnyDesk suffered a four-day outage starting on January 29th, during which the company disabled the ability to log in to the AnyDesk client.
Yesterday, access was restored, allowing users to log in to their accounts, but AnyDesk did not provide any reason for the maintenance.
AnyDesk confirmed to BleepingComputer that this maintenance is related to the cybersecurity incident.
While AnyDesk says that passwords were not stolen in the attack, the threat actors did gain access to production systems, so it is strongly advised that all AnyDesk users change their passwords.
If they use their AnyDesk password at other sites, they should be changed there as well.
GTA 5 source code reportedly leaked online a year after Rockstar hack.
A mishandled GitHub token exposed Mercedes-Benz source code.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 02 Feb 2024 22:20:16 +0000