Remote computing software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company on lockdown for nearly a week.
AnyDesk’s software is used by millions of IT professionals to quickly and remotely connect to their clients’ devices, often to help with technical issues. On its website, AnyDesk claims to have more than 170,000 customers, including Comcast, LG, Samsung and Thales.
The software is also a popular tool among threat actors and ransomware gangs, who have long used the software to gain and maintain access to the victim’s computer and data. The US cybersecurity agency CISA said in January that hackers had breached federal agencies using legitimate remote desktop software, including AnyDesk.
News of the suspected breach began spreading last Monday when AnyDesk announced it had replaced its code signing certificates, which companies use to prevent hackers from tampering with their code. After a multi-day outage, AnyDesk confirmed in an announcement late Friday that the company “found evidence of compromised production systems.”
AnyDesk said that as part of its incident response, the company had revoked all security-related certificates, patched or replaced systems where necessary, and revoked all passwords to AnyDesk’s customer portal.
“We will be revoking the previous code signing certificate for our binaries soon and have already started replacing it with a new one,” the company added on Friday.
AnyDesk said the incident was not related to ransomware, but did not disclose the specific nature of the cyberattack.
AnyDesk spokesman Matthew Caldwell did not respond to an email from TechCrunch. CrowdStrike, which is working with AnyDesk to remediate the cyberattack, declined to answer TechCrunch’s questions when reached on Monday.
AnyDesk did not respond to questions asking whether customer data was accessed, although the company said in its statement that “there is no evidence that any end-user systems have been affected.”
“We can confirm that the situation is under control and it is safe to use AnyDesk,” AnyDesk said. “Make sure you’re using the latest version, with the new code signing certificate.”
AnyDesk has already faced criticism for its handling of the cyberattack so far. As first reported by German blogger Günter Born, AnyDesk initially claimed that the four-day outage since Jan. 29, during which the company blocked users from logging in, was “maintenance.” Jake Williams, a veteran first responder, accused AnyDesk in a post on X of pulling a “PR stunt” by disclosing the cyberattack to customers just before the weekend.
Security researchers say hackers are selling access to AnyDesk accounts allegedly affected by the breach on known cybercrime forums, but also note that the stolen account information likely came from previous infections with password-stealing malware on users’ computers.
Do you have more information about this incident? Carly Page can be reached securely on Signal on +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.
