TeamViewer hacked by Russian hackers from Midnight Blizzard


TeamViewer, one of the leading providers of remote control and technical support software, was the victim of a cyberattack. In a press release published on June 28, 2024, the German company, which has more than 600,000 paying subscribers around the world and claims more than 2.5 billion installations, says that it has identified a computer intrusion.

A compromised account

According to the firm, the operation began two days earlier, on June 26. That day, hackers managed to “copy data from employee directory”. This directory includes “employee names, company contact information, and encrypted passwords for the company’s internal IT environment”. This is therefore rather sensitive information. Using this information and dedicated software, a hacker can crack passwords and penetrate the firm’s systems.

To achieve their goals, the hackers used a compromised account belonging to a TeamViewer employee. This is usually the starting point for most cyberattacks targeting businesses. One way or another, hackers manage to steal an employee’s credentials, whether through malware or another data leak. This is what happened in the LastPass hack two years ago. At this point in the investigation, TeamViewer has not revealed how the account used in the intrusion was compromised.

Limited damage

Fortunately, TeamViewer segments the different parts of its network. The firm explains that it has implemented “a strong separation of corporate IT, the production environment and the TeamViewer connectivity platform.” As a result, the internal IT environment is “completely independent” of the product environment. The hackers were therefore unable to reach the software product and customer environment from the internal environment. The attack was contained to part of the group’s infrastructure.

In addition, the German company promptly took strong measures to mitigate “the risk associated with encrypted passwords contained in the directory” with the help of Microsoft. TeamViewer reports having “strengthened authentication procedures” while adding “other strong layers of protection”. These measures should prevent hackers from exploiting the stolen data to orchestrate further intrusions.

Another Midnight Blizzard strike

According to TeamViewer, the cyberattack was carried out by APT29, a gang also known as Midnight Blizzard, Cozy Bear, or Nobelium. The gang is known for collaborating with Russian intelligence services. They are also responsible for a plethora of espionage operations. In the past, APT29 has targeted HPE (Hewlett Packard Enterprise), French diplomats, and SolarWinds. This year, they even managed to penetrate Microsoft’s infrastructure. The cybercriminals were able to spy on emails exchanged by company officials before being ejected.

Note that this is not the first time that TeamViewer has found itself in the crosshairs of hackers. The remote access software, very popular around the world, makes it possible to take control of a computer, which facilitates the deployment of malware. Last January, the software was also used to install ransomware on machines. A year earlier, TeamViewer found itself involved in a campaign aimed at deploying viruses capable of mining cryptocurrencies without users’ knowledge. In 2021, a cybercriminal even relied on TeamViewer to break into the system of a Florida water plant. Once in the system, the attacker was able to contaminate the water, forcing authorities to uninstall TeamViewer from all government organizations in the area.

Source: TeamViewer
