Excerpt from The Hacker News Article, Published on June 28, 2024
On June 26, 2024, TeamViewer disclosed an “irregularity” in its internal corporate IT environment. The company responded swiftly by activating its response team and collaborating with top cybersecurity experts to investigate and implement necessary remediation measures.
TeamViewer stated that its corporate IT environment is isolated from its product environment, ensuring no customer data has been compromised. While the company has not revealed details about the perpetrators or methods of the intrusion, an ongoing investigation is expected to provide more information.
The German company TeamViewer is well-known for its remote monitoring and management (RMM) software, which over 600,000 users, including managed service providers (MSPs) and IT departments, use to manage servers, workstations, network devices, and endpoints.
In an interesting development, the U.S. Health Information Sharing and Analysis Center (Health-ISAC) issued a bulletin warning about threat actors exploiting TeamViewer. The American Hospital Association (AHA) highlighted that APT29-related cyber threats are targeting remote access tools like TeamViewer.
APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, is a Russian state-sponsored threat actor linked to the Russian Foreign Intelligence Service (SVR). This group has been involved in notable breaches, including those of Microsoft and Hewlett Packard Enterprise (HPE). Following these breaches, Microsoft revealed that APT29 accessed some customer email inboxes, a fact confirmed by Bloomberg and Reuters.
TeamViewer’s situation raises questions about whether attackers are exploiting vulnerabilities in its software, leveraging poor security practices, or directly targeting TeamViewer’s systems. The company promises to keep the public updated as new information emerges from the ongoing investigation.
To delve deeper into this topic, please read the full article on The Hacker News.




