TeamViewer's internal corporate IT environment was hit by a cyberattack on June 26, and the remote access software company issued an announcement the next day, saying that it “detected an irregularity.” The note said its internal corporate IT environment and the product environment are separate.
The company said response teams and procedures were activated, necessary remediation measures were taken, and an investigation into the security incident was started with cybersecurity experts. The announcement highlights that neither the product environment nor customer data was affected.
It is not yet known whether the attackers breached customer networks via flaws in TeamViewer or attacked TeamViewer's own systems.
TeamViewer's note gave no information about who was behind this cyberattack, but many security researchers believe it was an advanced persistent threat (APT) group. The U.S. Health Information Sharing and Analysis Center (Health-ISAC) says the exploit is led by threat actors associated with APT29.
Also called BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, APT29 is believed to be a state-sponsored threat actor aligned with the Russian Foreign Intelligence Service (SVR).
Recently, APT29 was linked to the breaches of Hewlett-Packard Enterprise (HPE) and Microsoft. The latter said the Midnight Blizzard threat actor exfiltrated Microsoft corporate email accounts.
The popular Germany-based TeamViewer provides remote monitoring and management (RMM) software for managed service providers (MSPs) and IT departments to manage servers, workstations, network devices, and endpoints. It is currently used by over 640,000 customers worldwide.