Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

TeamViewer Hack Officially Attributed to Russian Cyberspies

TeamViewer has confirmed that the Russian cyberespionage group APT29 appears to be behind the recent hack.

Teamviewer hacked

TeamViewer has confirmed that a notorious Russian cyberespionage group appears to be behind the recent hacker attack targeting the company’s systems. 

The remote connectivity software provider revealed last week that it had detected an intrusion on June 26. 

According to follow-up statements issued by the company on Friday and over the weekend, the breach only impacted its internal corporate IT environment, and did not affect its product environment, the TeamViewer connectivity platform, or any customer data. 

“Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place,” TeamViewer explained. “This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments.”

The company revealed that the attackers hacked into its systems after obtaining the credentials for a standard employee account that had access to the corporate IT environment. 

The hackers leveraged the employee account to copy employee directory data such as names, corporate contact information, and encrypted employee passwords for the internal corporate environment. 

“The risk associated with the encrypted passwords contained in the directory has been mitigated in collaboration with leading experts from our incident response partner Microsoft,” TeamViewer said.

When the hack came to light, NCC Group reported that an APT was behind the attack, and the US-based Health Information Sharing and Analysis Center (Health-ISAC) issued an alert saying that the Russia-linked APT29 was behind the intrusion.  

Advertisement. Scroll to continue reading.

TeamViewer has confirmed that it currently attributes the attack to APT29, which among many other names is also known as Cozy Bear and Midnight Blizzard. This state-sponsored cyberspy group is known for high-impact attacks targeting important organizations, including Microsoft.  

TeamViewer’s confirmation that APT29 appears to be behind the attack came just as Microsoft has been alerting more customers that the group has stolen their emails as part of a recent campaign. 

*APT29 is also known as ATK7, Blue Kitsune, BlueBravo, Cloaked Ursa, G0016, Grizzly Steppe, Group 100, Iron Hemlock, ITG11, Minidionis, Nobelium, SeaDuke, TA421, The Dukes, UAC-0029, and Yttrium. 

Related: Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

Related: US, Israel Provide Guidance on Securing Remote Access Software

Related: AnyDesk Shares More Information on Recent Hack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights