The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group.
The company says that it plans to be transparent about the breach and will continuously update the status of its investigation as more information becomes available.
TeamViewer is a very popular remote access software that allows users to remotely control a computer and use it as if they were sitting in front of the device.
The company says its product is currently used by over 640,000 customers worldwide and has been installed on over 2.5 billion devices since the company launched.
While TeamViewer states there is no evidence that its product environment or customer data has been breached, its massive use in both consumer and corporate environments makes any breach a significant concern as it would provide full access to internal networks.
News of the breach was first reported on Mastodon by IT security professional Jeffrey, who shared portions of an alert shared on the Dutch Digital Trust Center, a web portal used by the government, security experts, and Dutch corporations to share information about cybersecurity threats.
An alert from Health-ISAC, a community for healthcare professionals to share threat intelligence, also warned today that TeamViewer services were allegedly being actively targeted by the Russian hacking group APT29, also known as Cozy Bear, NOBELIUM, and Midnight Blizzard.
APT29 is a Russian advanced persistent threat group linked to Russia's Foreign Intelligence Service.
The hacking group is known for its cyberespionage abilities and has been linked to numerous attacks over the years, including attacks on Western diplomats and a recent breach of Microsoft's corporate email environment.
While the alerts from both companies come today, just as TeamViewer disclosed the incident, it is unclear if they are linked as TeamViewer's and NCC's alerts address the corporate breach, while the Health-ISAC alert focuses more on targeting TeamViewer connections.
BleepingComputer contacted TeamViewer with questions about the attack but was told no further information would be shared as they investigated the incident.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 27 Jun 2024 18:30:28 +0000