Software company TeamViewer confirmed on Friday that a prolific Russian hacking group breached its corporate IT environment earlier in the week.
In an updated statement, the company attributed a recently announced incident to APT29, also known as Cozy Bear, BlueBravo and Midnight Blizzard.
The group, allegedly housed within Russia's Foreign Intelligence Service, has been implicated in several of the most consequential hacks of the last decade - including the 2020 SolarWinds hack and the 2016 attack on the Democratic National Committee.
A spokesperson for the company did not respond to several questions about what systems or data were accessed by APT29.
The incident emerged on Thursday when several organizations began warning customers and members about APT29's attack on TeamViewer.
Cybersecurity firm NCC Group and a healthcare industry cybersecurity coalition both released private alerts raising alarms about the breach.
Hultquist said APT29's focus is obtaining intelligence that helps the Kremlin make strategic decisions - specifically targeting data that provides insight into foreign affairs.
APT29 was recently implicated in a major attack on Microsoft that exposed emails from several U.S. federal agencies that may have contained authentication details or credentials.
Bloomberg reported on Thursday night that Microsoft has begun notifying more organizations that their emails and other information were accessed as part of APT29's attack.
Hultquist noted that APT29 recently targeted political parties in Germany as well.
This Cyber News was published on therecord.media. Publication date: Fri, 28 Jun 2024 19:00:22 +0000