TeamViewer has fallen victim to a data breach that it is attributing to state-backed Russian hacker group.
The IT support giant last week reported the “irregularity” and has now confirmed details of an attack that it says has been contained to its internal corporate IT environment.
In an update to the incident last Friday, TeamViewer wrote that the threat actor APT29 (also known as Midnight Blizzard) was responsible for the breach – Russia’s Foreign Intelligence Service, SVR RF, is thought to be behind APT29.
TeamViewer Breach: the Timeline
The exploitation of TeamViewer’s systems first came to light when the company put up a statement on its Trust Center on Thursday confirming that, on Wednesday, June 26, 2024, “our security team detected an irregularity in TeamViewer’s internal corporate IT environment.”
That statement was followed the next day by two updates confirming that TeamViewer’s security team were investigating the incident together with “leading cyber security experts and relevant government authorities.”
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
In the first update, the company confirmed that it was attributing the activity to APT29 / Midnight Blizzard, but that it believed no customer data had been breached.
“Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place. This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments.” ~the TeamViewer statement
On Sunday, TeamViewer reconfirmed that the attack was limited to its internal environment, meaning that employee data such as names, corporate contact information and encrypted employee passwords had all been compromised.
Sunday’s update also stated that the company had “started to rebuild the internal corporate IT environment towards a fully trusted state” and that the effects of the password leak in particular had been mitigated.
Who Is APT29?
APT29 is a hacker group that is almost certainly backed by the Kremlin. The APT part of the name stands for ‘advanced persistent threat actor,’ although it also goes by many other monikers, such as Midnight Blizzard, Nobelium, CozyBear, CozyDuke, the Dukes and Office Monkey.
Although the group has been active since 2008, it first came to notoriety in 2015 when it gained access to the US Department of Defense’s (aka The Pentagon) network via a phishing operation.
In a targeted campaign of breaching the systems of government departments and other international organizations, APT29 has also been held responsible for cyberattacks on the Democratic National Committee and Covid-19 vaccine developers.
In its Nobelium guise, it was behind the infamous SolarWinds attack in 2021 and breached Microsoft’s corporate systems late last year.
Is TeamViewer Safe?
Although TeamViewer’s statements have been at pains to point out that no customer data has been leaked and that security is “deeply rooted in our DNA,” the breach will understandably call into question the overall security of the software.
The ATP29 hack isn’t the first in the company’s recent history, with Chinese hackers exposing vulnerabilities in 2019. And it’s notorious for being an open playing field for scammers to play in.
Luckily, we’ve covered the question of whether TeamViewer is safe in a dedicated article. In that analysis we praised its use of 256-bit AES encryption, while noting that “if used incorrectly, it could leave your devices open to abuse from third parties.”
If you use the remote access software, we recommend that you mitigate risks by using strong passwords, implementing two-factor authentication, carrying out all security updates when prompted, and turning on its advanced security options.
