Excerpt from Securityweek Article – Published on Feb 07, 2024

Following a recent security breach, AnyDesk has released further details regarding the incident, shedding light on the timeline of the attack and its ramifications.

According to the developers of the widely used remote access software, the intrusion was first detected in mid-January, with forensic analysis revealing that the hackers initially gained access to their systems in late December 2023. While the investigation confirmed that the hackers breached production systems, AnyDesk reassured users that there is no evidence suggesting the compromise of customer credentials or the distribution of malicious versions of their software.

“We have conducted a thorough review of our code and found no signs of malicious alterations. Additionally, we have not detected any instances of malicious code being disseminated through our systems to customers,” the company affirmed. Nevertheless, as a precautionary measure, AnyDesk has revoked code-signing certificates and other security-related certificates. Additionally, they are rolling out software updates featuring the new certificates.

Although it’s deemed improbable that the attackers obtained user credentials, AnyDesk has opted to enforce a mandatory password reset for all users as a precautionary measure. The company disclosed that two relay servers in Europe, responsible for transmitting credentials inputted into the AnyDesk client, were compromised. While the likelihood is low, there exists a theoretical scenario where attackers could manipulate AnyDesk code, potentially luring customers into using malicious software and disclosing their passwords.

However, AnyDesk emphasized that there is no evidence of user session hijacking resulting from the breach. Crucially, AnyDesk clarified that the incident was not a ransomware attack, and no extortion attempts were made. Furthermore, the company clarified that recent reports of user credentials surfacing on the dark web are unrelated to the breach. Information-stealing malware allegedly stole these credentials directly from customer systems. The mandated password reset aims to reduce risks for customers whose systems might have fallen victim to such malware. The comprehensive response from AnyDesk underscores their commitment to transparency and user security in the aftermath of the breach.

To delve deeper into this topic, please read the full article in Securityweek.