TeamViewer, a prominent provider of remote access software, has disclosed a security breach in its internal corporate IT infrastructure. The company made the announcement on Wednesday, June 26, 2024, triggering immediate response procedures and launching an in-depth investigation into the incident.
According to TeamViewer's official statement, the company's security team detected an "irregularity" within their internal systems, prompting swift action.
In response to this discovery, TeamViewer activated its incident response protocols and engaged a team of "globally renowned cyber security experts" to assist with the investigation and implementation of necessary remediation measures.
The company emphasizes that its primary focus remains ensuring the integrity of its systems as the investigation continues. This proactive approach underscores TeamViewer's commitment to security, which they claim is "deeply rooted in our DNA."
While the full extent of the breach is still under investigation, TeamViewer has provided some initial insights into the situation.
The company mentioned that its internal corporate IT environment, which was the target of the attack, is "completely independent" from its product environment. This separation of systems is a crucial point for TeamViewer's millions of users worldwide who rely on the software for remote access and support.
As of now, TeamViewer states that there is no evidence suggesting that the product environment or customer data have been affected by the breach. However, the company acknowledges that investigations are ongoing, leaving open the possibility that new information may come to light as the probe progresses.
A user in Mastodon wrote, that NCC Group, a well-known cybersecurity firm, has issued an alert to its customers about a "significant compromise of the TeamViewer remote access and support platform by an APT group."
APT, which stands for Advanced Persistent Threat, typically refers to sophisticated, often state-sponsored hacking groups. This characterization, if accurate, would suggest a high level of complexity and potential severity of the attack.
However, it's important to note that NCC Group has not disclosed its sources for this information and states that it is still investigating the incident.
This security incident at TeamViewer reminds the incidents that happened with Anydesk, another remote desktop application. Earlier this year in January, Anydesk was also breached when hackers gained access to the company's production systems and source code and private code signing keys were stolen during the attack.
As a widely used platform for remote access and support, any potential compromise of TeamViewer's systems could have far-reaching implications for businesses and individuals worldwide.
Update as of 30 June 2024
TeamViewer has provided further details on the data breach.
The company has confirmed that the attack was contained within their internal corporate IT environment and did not affect the product environment, connectivity platform, or any customer data.
The threat actor, now attributed to the group known as APT29 / Cozy Bear or Midnight Blizzard, leveraged a compromised employee account to access and copy employee directory data, including names, corporate contact information, and encrypted employee passwords for the internal systems.
TeamViewer has informed affected employees and relevant authorities and has implemented enhanced security measures, including hardened authentication procedures and additional protection layers.
The company is also rebuilding its internal corporate IT environment "towards a fully trusted state" and continues to investigate the incident with the help of external cybersecurity experts.
Next Steps and Advice for Users
As the investigation continues, TeamViewer users are advised to stay vigilant and monitor for any updates from the company regarding potential impacts or required actions. While there is currently no evidence of impact on the product environment or customer data, users should remain cautious and follow any security recommendations provided by TeamViewer in the coming days and weeks.