TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network.
In statement on Fridaythe company attributed the compromise to government-sponsored hackers working for Russian intelligence known as APT29 (and Midnight Blizzard).
The Germany-based company said its investigation so far points to an initial intrusion on June 26 “linked to the credentials of a typical employee account in our corporate IT environment.”
TeamViewer said the cyberattack was “confined” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it “has no evidence that the threat actor gained access to our product environment or customer data.”
Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or infiltrated from its network.
TeamViewer is one of the most popular providers of remote access tools, allowing its enterprise customers — including shipping giant DHL and beverage company Coca-Cola, per its website — to access other devices and computers via the Internet. The company says it has more than 600,000 paying customers and facilitates remote access to more than 2.5 billion devices worldwide.
TeamViewer is too known to be abused by malicious hackers for its ability to be used to remotely install malware on a victim’s device.
It’s not known how the TeamViewer employee’s credentials were compromised, and TeamViewer didn’t say.
The US government and security researchers have long attributed APT29 to hackers working for Russia’s foreign intelligence agency, the SVR. APT29 is one of the most persistent hacking groups with government-backed resources and is known for using simple but effective hacking techniques – including password theft – to conduct long-running covert espionage campaigns based on stealing sensitive data.
TeamViewer is the latest technology company recently targeted by Russia’s SVR. The same group of government hackers breached Microsoft’s corporate network earlier this year to steal emails from top executives to learn what was known about the attackers themselves. Microsoft said other tech companies were hacked during the ongoing Russian spying campaign, and the US cybersecurity agency CISA confirmed that federal government emails hosted on Microsoft’s cloud were also stolen.
Months later, Microsoft said it was fighting to expel the hackers from its systems, calling the campaign a “sustaining, significant commitment” of the Russian government’s “resources, coordination and focus.”
The US government also blamed Russia’s APT29 for the 2019-2020 espionage campaign targeting US software company SolarWinds. The cyberattack led to the massive hacking of US federal government services through the installation of a backdoor in SolarWinds core software. When the infected software update was pushed out to SolarWinds customers, the Russian hackers had access to every network running the compromised software, including the Treasury Department, Justice Department, and State Department.
Do you know more about TeamViewer cyber attack? Getting in touch. To contact this reporter, please contact Signal and WhatsApp at +1 646-755-8849 or via email. You can also send files and documents via SecureDrop.
