TeamViewer says its network was breached — but customer and company data is safe

“Irregularity” in TeamViewer network blamed on APT29 / Midnight Blizzard

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

TeamViewer has warned users it may have suffered a breach, but has reassured it does not appear any company or customer data has been affected.

Astatementon the TeamViewer Trust Center site stated on June 26, the company detected an “irregularity” in the company’s internal corporate IT environment that it attributed to the notorious APT29 / MidnightBlizzardcybercrime gang.

“Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data,” the company added.

Significant compromise

Theremote accessgiant said it had activated its response team and procedures, brought in third-party cybersecurity experts to help with the problem, and “implemented necessary remediation measures.”

“Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place,” it added.

“This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our ‘defense in-depth’ approach.”

At the same time, other security firms are picking up on the attack and are sharing more details. As spotted byThe Register, NCC Group Global is warning its customers of an advanced persistent threat (APT) pulling off a “significant compromise of the TeamViewer remote access and support platform”.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

At the same time, the US Health Information Sharing and Analysis Center (H-ISAC) is saying hackers are “actively exploiting” TeamViewer, Emsisoft’s researchers found. H-ISAC users should keep a close eye on their remote desktop protocol for unusual traffic, the organization apparently said.

For its part, TeamViewer noted, “security is of utmost importance for us, it is deeply rooted in our DNA. Therefore, we commit to transparent communication to stakeholders.”

For the uninitiated, APT29 is also known as Cozy Bear, and is believed to be a Russian state-sponsored threat actor. It is best known for an attack onMicrosoftwhich allowed it to steal emails from the accounts of officials working in several US federal agencies.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics