TeamViewer has confirmed that a notorious Russian cyberespionage group appears to be behind the recent hacker attack targeting the company's systems.
The remote connectivity software provider revealed last week that it had detected an intrusion on June 26.
According to follow-up statements issued by the company on Friday and over the weekend, the breach only impacted its internal corporate IT environment, and did not affect its product environment, the TeamViewer connectivity platform, or any customer data.
The company revealed that the attackers hacked into its systems after obtaining the credentials for a standard employee account that had access to the corporate IT environment.
The hackers leveraged the employee account to copy employee directory data such as names, corporate contact information, and encrypted employee passwords for the internal corporate environment.
When the hack came to light, NCC Group reported that an APT was behind the attack, and the US-based Health Information Sharing and Analysis Center issued an alert saying that the Russia-linked APT29 was behind the intrusion.
TeamViewer has confirmed that it currently attributes the attack to APT29, which among many other names is also known as Cozy Bear and Midnight Blizzard.
This state-sponsored cyberspy group is known for high-impact attacks targeting important organizations, including Microsoft.
TeamViewer's confirmation that APT29 appears to be behind the attack came just as Microsoft has been alerting more customers that the group has stolen their emails as part of a recent campaign.
This Cyber News was published on www.securityweek.com. Publication date: Mon, 01 Jul 2024 09:13:06 +0000