TeamViewer hit by russian hackers: no customer data compromised
TeamViewer fell victim to Russian hackers. The company had previously faced attacks by Chinese hackers. This time, the security breach occurred by taking over an IT employee's account.
5 July 2024 11:19
The owners of the TeamViewer software are now facing significant problems. According to Sekuraka’s editorial team, a hacking attack took place. This time, the popular remote access program was targeted by the Russian cybercriminal group APT29. In the past, TeamViewer had been attacked by another group, the Chinese APT group.
TeamViewer’s troubles began on June 26 at 2:00 PM Eastern Time. It was reported that there might have been a security breach in the corporate network. The security breach concerned the internal network, which remains independent of the production environment. There are no suspicions that customer data has been compromised.
The next day, NCC Group and Health-ISAC warnings appeared online, directed at these companies' clients. They stated that the APT29 group had breached the platform's security and was using it in attacks. As cited by Sekurak, users were advised to review event logs for unusual activity related to remote desktop operations.
TeamViewer's security department responded to this information and issued an update. Analyses revealed that the security breach occurred when an IT employee's account was taken over.
Russian hackers attacked TeamViewer
TeamViewer confirmed that the APT29 group carried out the attack. It was emphasized again that the attack took place in the internal environment and did not impact the production environment. The servers, networks, and accounts that could provide access to TeamViewer’s customer infrastructure were not affected by the attack.
According to the published information, the hackers used the compromised account to copy data from the employee directory, including names, company contact details, and encrypted passwords, to the internal IT environment. Sekurak emphasizes that TeamViewer has begun rebuilding the internal environment to enhance security. Microsoft assisted in responding to the attack.