You can now find Cyber Kendra on Google News!

Is AnyDesk Compromise? What's Going on?

Use caution with the remote support software to avoid potential issues.

Is AnyDesk Hacked?

There is some noise rising up on X (formerly Twitter) about AnyDesk, one of the most popular remote desktop applications. And this noise is not pointing towards a positive sign. 

All the things started on Jan 30, 2024, when users of AnyDesk started reporting issues. On Jan 31, 2024, after the user's report, AnyDesk came up with the maintenance tweets. This was unexpected maintenance downtime for 48 hours and is quite a long maintenance period.

Some pictures became clear when Anydesk pushed the update with version 8.0.8 for the Windows platform. The official change log page of the AnyDesk client shows latest update is the security update (for Windows), which reads-

Security update: Exchanged code signing certificate. The previous certificate will be invalidated soon. Please update
AnyDesk Change Log Message

Currently, ambiguous details are slowly emerging regarding a cyber incident, yet there is an information embargo preventing access to specific details.  

AnyDesk Confirm it was Hacked

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.

The sign of the compromise was revealed after the changelog message for Windows clients. Still, it's not clear Why AnyDesk has pushed the update for Windows clients only?

AnyDesk is used legitimately by millions of IT professionals worldwide, to remotely connect to their clients' devices to help with technical issues. Even the AnyDesk homepage claims that it has been trusted by 170,000+ customers.

We strongly recommend everyone update their AnyDesk Windows client to the latest and not to use (at least for the meantime) it in critical infrastructure and server environments. 

Check the latest Update on Hack:

Also, keep monitoring the environments that have been remotely maintained in recent weeks. 

AnyDesk finally confirmed its production systems breach in a shady statement. Also, the Anydesk Status Page updated with the following statement -

"All client logins are now available. We will continue to monitor the login functionality to prevent any further interruptions."

The post has been updated with the official statement coming up from the Anydesk side acknowledging the security incident. 

1 comment

  1. 𝐇𝐚𝐜𝐤𝐞𝐫𝐬 𝐁𝐫𝐞𝐚𝐜𝐡 𝐀𝐧𝐲𝐃𝐞𝐬𝐤 𝐏𝐫𝐨𝐝𝐮𝐜𝐭𝐢𝐨𝐧 𝐒𝐞𝐫𝐯𝐞𝐫𝐬

    "AnyDesk says they have revoked security-related certificates and replaced systems as necessary. They also reassured customers that AnyDesk was safe to use and that there was no evidence of end-user devices being affected by the incident...AnyDesk is designed in a way which session authentication tokens cannot be stolen. They only exist on the end user's device and are associated with the device fingerprint. These tokens never touch our systems."

    https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-resets-passwords/