Software company TeamViewer says that a compromised employee account is what enabled hackers to breach its internal corporate IT environment and steal encrypted passwords in an incident attributed to the Russian government.
In an update on Sunday evening, TeamViewer said a Kremlin-backed group tracked as APT29 was able to copy employee directory data like names, corporate contact information and the encrypted passwords, which were for the company's internal IT environment.
The company reaffirmed that the hackers were not able to gain access to the company's product environment or customer data, and that the breach, first reported last week, appears to be contained.
TeamViewer said it has contacted authorities about the incident.
APT29 - associated with Russia's foreign intelligence service, the SVR - is one of the Kremlin's highest-profile hacking operations.
TeamViewer's remote access and remote control software is used to remotely manage fleets of devices.
The company has previously faced attacks by alleged Chinese hackers and its products have often been deployed maliciously by hackers themselves during security incidents.
Multiple organizations published warnings last week about the APT29 breach, urging TeamViewer customers to take a range of actions - including reviewing logs for any unusual remote desktop traffic and enabling two-factor authentication.
TeamViewer has not responded to questions about what APT29 appeared to be looking for during the incident.
The theft of encrypted passwords by APT29 matches another incident earlier this year where the same group infiltrated Microsoft's systems and stole authentication details, credentials and emails from the tech giant's senior leaders.
This Cyber News was published on therecord.media. Publication date: Mon, 01 Jul 2024 19:20:27 +0000