TeamViewer breached by Russian state actor Midnight Blizzard

TeamViewer's corporate network was breached this week in an attack that the remote access software vendor attributed to Russian state-sponsored threat actor Midnight Blizzard.
The company wrote at the time that it immediately began an investigation and would, in the interest of transparency, share more details as they became available.
Remote access software is often misused by threat actors for lateral movement in victim environments.
In 2021, a threat actor abused TeamViewer to gain access to SCADA systems at a water treatment plant in Oldsmar, Fla.
TeamViewer provided additional details Friday as an update to the initial statement.
TeamViewer attributed the attack to Midnight Blizzard, the Russian state-sponsored actor also known as APT29 and Cozy Bear.
Midnight Blizzard was behind the Microsoft breach disclosed earlier this year as well as the devastating 2020 supply chain attack against SolarWinds.
TeamViewer emphasized in the update that based on current evidence, its product environment and customer data were unaffected by the breach.
The updated statement explained that TeamViewer uses a defense-in-depth approach that limited the threat actor's ability to gain access to other parts of the company's environment.
TechTarget Editorial asked TeamViewer how the employee credentials were stolen, but a spokesperson declined to comment, promising more details as they become available.
The next update is expected by the end of business on Friday, Central European Summer Time.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.


This Cyber News was published on www.techtarget.com. Publication date: Fri, 28 Jun 2024 19:13:05 +0000


Cyber News related to TeamViewer breached by Russian state actor Midnight Blizzard

Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks - TeamViewer is software that organizations have long used to enable remote support, collaboration, and access to endpoint devices. Like other legitimate remote access technologies, it is also something that attackers have used with relative frequency ...
9 months ago Darkreading.com
Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
7 months ago Cybersecuritynews.com
Star Blizzard increases sophistication and evasion in ongoing attacks - Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard. Star Blizzard has improved their detection evasion capabilities since 2022 while remaining ...
11 months ago Microsoft.com
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
9 months ago Darkreading.com
Microsoft: Legacy account hacked by Russian APT had no MFA - Microsoft said the legacy test tenant account hacked by Russian nation-state threat actors this month did not have MFA enabled. According to the initial disclosure, the account compromised was a legacy, non-production test tenant account that threat ...
9 months ago Techtarget.com
TeamViewer's corporate network was breached in alleged APT hack - The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. The company says that it plans to be transparent about ...
4 months ago Bleepingcomputer.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
9 months ago Bleepingcomputer.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
9 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
9 months ago Bleepingcomputer.com
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard - The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further ...
9 months ago Msrc.microsoft.com
The Russians are coming! Err, they've already infiltrated The Register - Russia-backed attackers have named new targets for their ongoing phishing campaigns, with defense-industrial firms and energy facilities now in their sights, according to agencies of the Five Eyes alliance. In a joint security alert issued on ...
10 months ago Go.theregister.com
TeamViewer abused to breach networks in new ransomware attacks - Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. TeamViewer is a legitimate remote access tool used extensively in the ...
9 months ago Bleepingcomputer.com
Microsoft Claims Russian Hackers are Attempting to Break into Company Networks. - Microsoft warned on Friday that hackers affiliated to Russia's foreign intelligence were attempting to break into its systems again, using data collected from corporate emails in January to seek new access to the software behemoth whose products are ...
7 months ago Cysecurity.news
Microsoft breached by Russian APT behind SolarWinds attack - Midnight Blizzard, previously referred to as Nobelium, is best known as the threat actor behind the infamous supply chain attack against SolarWinds in late 2020. The advanced persistent threat group, more commonly known as Cozy Bear and APT29, ...
9 months ago Techtarget.com
TeamViewer Hack Officially Attributed to Russian Cyberspies - TeamViewer has confirmed that a notorious Russian cyberespionage group appears to be behind the recent hacker attack targeting the company's systems. The remote connectivity software provider revealed last week that it had detected an intrusion on ...
4 months ago Securityweek.com
TeamViewer Hack Officially Attributed to Russian Cyberspies - TeamViewer has confirmed that a notorious Russian cyberespionage group appears to be behind the recent hacker attack targeting the company's systems. The remote connectivity software provider revealed last week that it had detected an intrusion on ...
4 months ago Packetstormsecurity.com
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group - By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace. Between January 2023 and August 2024, Star ...
1 month ago Gbhackers.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody on the same day in two different ...
11 months ago Bleepingcomputer.com
Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack - Shockwaves from the Russian government's hack of Microsoft's corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. The ...
4 months ago Securityweek.com
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts ...
6 months ago Cisa.gov
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
1 month ago Securityaffairs.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
10 months ago Bleepingcomputer.com
TeamViewer: Hackers copied employee directory data and encrypted passwords - Software company TeamViewer says that a compromised employee account is what enabled hackers to breach its internal corporate IT environment and steal encrypted passwords in an incident attributed to the Russian government. In an update on Sunday ...
4 months ago Therecord.media
