Data Breaches

AnyDesk Shares More Information on Recent Hack

AnyDesk has provided more information on the recent hack, including when the attack started and its impact.

AnyDesk hack

AnyDesk has shared more information on the recent hacker attack, including when threat actors first breached its systems and the impact of the incident.

According to the developer of the popular remote access software, the intrusion was discovered in mid-January and a forensic investigation showed that the hackers first breached its systems in late December 2023. 

The investigation revealed that the hackers compromised production systems, but there is no indication that they have obtained customer credentials or that malicious versions of the AnyDesk software have been distributed as a result of this incident.

“We have performed a review of our code and see no malicious modifications. We also have no evidence of malicious code being distributed to customers through any AnyDesk systems,” the company stated.

Nevertheless, code-signing certificates and security-related certificates are being revoked and AnyDesk is pushing out software updates with the new certificates. 

It’s unlikely that the attackers obtained user credentials, but there is a theoretical possibility that they did and AnyDesk has decided to force a password reset for all customers.

The firm has admitted that two relay servers located in Europe, which transmit credentials entered into the AnyDesk client, have been compromised. While it’s unlikely, the attackers could have theoretically rewritten AnyDesk code, trick customers into using the malicious software, and get them to provide their password. 

On the other hand, the company said it can confidently rule out the possibility of user session hijacking as a result of the security breach.

Advertisement. Scroll to continue reading.

AnyDesk clarified that it was not a ransomware attack and there was no extortion attempt. 

It also highlighted that recent reports of user credentials being sold on the dark web are not related to the incident as the credentials were stolen directly from customer systems by information-stealing malware. The forced password reset procedure initiated now should also address the risk for customers whose systems were infected with infostealers. 

Related: Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

Related: North Korean Software Supply Chain Attack Hits North America, Asia 

Related: New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

Related Content

Data Breaches

The RansomHub group has started leaking information allegedly stolen from Change Healthcare in February 2024.

Data Breaches

Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group.

Data Breaches

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

Data Breaches

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics...

Data Breaches

The recent AT&T data breach impacts 51 million customers, the company tells Maine's attorney general.

Data Breaches

The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin.

Data Breaches

Veterinary services provider CVS Group is restoring systems after a cyberattack disrupted its UK operations.

Data Breaches

Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version