TeamViewer, a prominent remote access software company, confirmed on Thursday that it detected “an irregularity” in its internal corporate IT environment on Wednesday.
“On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said in a statement on its Trust Center page.
“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures.”
The company added that the attacked internal corporate IT environment is completely separate from the production environment and customer data.
As a result, the attack on TeamViewer has not affected the product environment or customers.
“Security is of utmost importance for us, it is deeply rooted in our DNA. Therefore, we value transparent communication and will continuously update the status of our investigations as new information becomes available,” TeamViewer added.
TeamViewer has 640,000 customers around the world and is installed on over 2.5 million systems. While the company did not mention who was behind the cyberattack, a Mastodon user named “Jeffrey” shared a message on Thursday from cybersecurity firm NCC Group to its customers about a “significant compromise of the TeamViewer remote access and support platform by an APT group.”
Additionally, the user even said a post by the American Hospital Association (AHA), said the non-profit U.S. Health Information Sharing and Analysis Center (Health-ISAC) warned that TeamViewer might have been actively targeted by the Russian hacking group APT29, also known as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting TeamViewer. Health-ISAC recommends reviewing logs for any unusual remote desktop traffic,” reads the Health-ISAC warning shared by Jeffrey.
“Threat actors have been observed leveraging remote access tools. TeamViewer has been observed being exploited by threat actors associated with APT29.”
APT29, a Russian-linked cyberespionage organization led by the Russian Foreign Intelligence Service (SVR), is typically known for conducting sophisticated and targeted cyberattacks against government networks in Europe and NATO member countries, IT service providers, health technology and research institutes, telecommunications providers and other organizations. Recently, it was connected to the breaches of Microsoft and Hewlett Packard Enterprise (HPE).
As TeamViewer continues its investigation into the possible internal corporate IT breach, users should stay cautious and watch for company updates regarding potential impacts or required actions.
They should also follow any security recommendations provided by TeamViewer in the coming days and weeks.
