Remote access software company TeamViewer reported a breach in its corporate environment in a cyberattack on June 26. The company claims that its corporate environment is independent of the product environment; hence, there’s no evidence to suggest that product or customer data has been accessed.
TeamViewer disclosed the breach in a post on the company’s Trust Center, claiming that it immediately alerted its response team, started investigations with “a team of globally renowned cybersecurity experts, and implemented necessary remediation measures.” The company hasn’t revealed the attack vector or the vulnerabilities exposed in the attack.
In a follow-up update, TeamViewer claims that the current findings point to an attack on the credentials of a standard employee account within their corporate IT environment. In collaboration with its external incident response support, the company attributes the attack to a threat actor, APT 29 or Midnight Blizzard. Once again, the company affirmed that the attack was contained within the corporate IT environment, and there’s no evidence that the threat actor gained access to product or consumer data.
As for the threat actor, APT29 is classified as an Advanced Persistent Threat (APT) group linked to the Russian foreign intelligence service. The group has been known to breach corporate environments before, as evident in its breach of Microsoft’s corporate email environment in November 2023. For a program used by over 640,000 customers worldwide and installed on 2.5 billion devices, a breach of any scale is worrisome, let alone one from a known and dangerous APT group.
The company further claims to be transparent about the breach, promising it’ll post any further updates to its investigation. However, BleepingComputer reports finding a meta tag in the announcement webpage that prevents the page from being accessed by web crawlers or search engines and, hence, is more difficult to find. Candid.Technology did not find the same tag on the announcement page at the time of writing.
In the News: Amazon investigates Perplexity over alleged violation of AWS web scraping rules