Germany-based TeamViewer SE, known for its remote access software, disclosed on Thursday a significant network breach attributed to APT29, a Russian state-backed hacking group. APT29 previously led the 2020 SolarWinds hacking campaign.
TeamViewer’s platform, popular among technical support professionals, allows remote computer access for troubleshooting, file sharing, and screen sketching. Their specialized version, TeamViewer Assist AR, facilitates equipment maintenance with real-time technical data sharing, boasting over 640,000 customers, including Coca-Cola and DHL.
The breach came to light via a Dutch Digital Trust Center alert shared on Telegram. TeamViewer confirmed the incident, revealing that hackers accessed its systems using standard employee credentials. Immediate response measures involved globally renowned cybersecurity experts.
The hackers infiltrated TeamViewer’s internal corporate IT environment, which operates separately from the remote access application infrastructure. TeamViewer says there is no evidence of access to the product environment or customer data.
Health-ISAC, an industry group aiding healthcare organizations in cyberattack information sharing, alerted members about APT29’s exploitation of TeamViewer. They advised reviewing system logs for unusual access attempts.
TeamViewer pledges continuous updates as the investigation progresses. This incident underscores the necessity for robust cybersecurity measures, even for well-defended systems.
To understand this better, imagine a burglar using a copied house key to sneak into a garden shed without entering the main house. The shed represents TeamViewer’s corporate IT, while the main house is the secure remote access infrastructure. The burglar did not get inside the main house, but the incident reveals potential vulnerabilities that need addressing.