Connect with us

Hi, what are you looking for?


Data Breaches

Russian APT Reportedly Behind New TeamViewer Hack

TeamViewer’s corporate network was hacked and some reports say the Russian group APT29 is behind the attack.

Teamviewer hacked

Remote connectivity software provider TeamViewer has detected a corporate network compromise and some reports say a Russian APT is behind the attack.

According to a statement posted on the TeamViewer website, the company’s security team detected “an irregularity” in the internal corporate IT environment on June 26. 

“TeamViewer’s internal corporate IT environment is completely independent from the product environment,” the company said. “There is no evidence to suggest that the product environment or customer data is affected. Investigations are ongoing and our primary focus remains to ensure the integrity of our systems.”

A Mastodon user named Jeffrey reported on Thursday that NCC Group’s threat intelligence team has been informing the cybersecurity firm’s customers about a “significant compromise of the TeamViewer remote access and support platform by an APT group.”

The same user said the US-based Health Information Sharing and Analysis Center (Health-ISAC) has issued an alert saying that the organization learned from a trusted intelligence partner that the notorious Russia-linked APT29 is behind the attack and “actively exploiting TeamViewer”. 

“Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools,” the organization is quoted as saying. 

APT29, which among many other names is also known as Cozy Bear and Midnight Blizzard, is a Russian state-sponsored threat group known for high-impact attacks targeting important organizations

In the past years, TeamViewer was often abused by malicious actors to spy on users, including on government officials.

Advertisement. Scroll to continue reading.

In 2019, the company confirmed that it was hacked in 2016, but argued that it decided not to disclose the incident at the time after finding no evidence of impact on customers. A threat actor likely operating out of China was believed to be behind the attack.   

As far as the new breach is concerned, TeamViewer has promised to be transparent and provide updates on the incident as its investigation progresses.

Related: US, Israel Provide Guidance on Securing Remote Access Software

Related: Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive

Related: AnyDesk Shares More Information on Recent Hack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights