TeamViewer announced on Friday, June 28, that it had detected a computer intrusion attributed to APT29, a unit of Russian foreign intelligence services regularly identified in highly sophisticated espionage operations.
The company’s press release, which had announced the day before having identified “irregularities” in its system, greatly worries experts. TeamViewer is known for marketing popular remote access tools worldwide, used for example to share control of a computer during troubleshooting. TeamViewer currently believes that the attack was limited to part of the network and that the hackers did not succeed in accessing customer data or the infrastructure relating to products developed by the company. A new communication is expected by the end of the evening (French time).
The company claims that this attack started on June 26 and used the credentials of an employee, a very classic entry point in cases of computer intrusion into a company network. An alert had been issued on June 27 by the specialized IT security company NCC Group, which claimed to have received information indicating a compromise of TeamViewer by APT29.
The German developer, with hundreds of thousands of customers worldwide, is a prime target for espionage groups. Its widely distributed software, if compromised or modified, would provide an ideal gateway to take control of other networks. These attacks, called « supply chain »because they target service providers who supply businesses and institutions around the world, are today one of the main threats in terms of both espionage and cybercrime.
An actor specializing in espionage
The APT 29 group is one of the main actors involved in Russian cyber espionage operations. On June 19, the French National Agency for the Security of Information Systems (ANSSI) published a report detailing how this group, also called Nobelium, had targeted numerous French diplomats since 2021. The French embassy in kyiv was notably targeted by an email containing an infected attachment.
Read the interview | Article reserved for our subscribers Cyberattacks: “the threat is real”, from the Olympic Games to the European elections
Add to your selections
APT29 has also already distinguished itself by attacks of the type that hit TeamViewer. “They are attacking these technology companies to reach their customers, and hoping to find information that will feed into the Kremlin’s strategy.”said John Hultquist, chief analyst at specialist firm Mandiant, in a statement sent to Monde. For example, an extremely sophisticated attack revealed in 2020 targeted the IT development company SolarWinds, which sells its tools to companies and institutions around the world. The APT29 hackers managed to install a backdoor in software marketed by the company that allowed them to spy on affected customers.
Read also | Article reserved for our subscribers The SolarWinds affair, one of the “most sophisticated” cyberespionage operations of the decade
Add to your selections
