Cyber Blog

TeamViewer, the well-known provider of remote access tools, has confirmed a cyberattack on its corporate network attributed to government-backed hackers from Russian intelligence, specifically APT29 (also known as Midnight Blizzard). The German-based company discovered an initial intrusion on June 26, linked to the credentials of a standard employee account within their corporate IT environment. TeamViewer assured that the attack was contained to its corporate network, maintaining that their internal network is separate from customer systems, and there is no evidence of the threat actor accessing their product environment or customer data.

Despite the company’s assurances, spokesperson Martina Dier declined to address specific questions from TechCrunch, such as whether they possess technical capabilities, like logs, to determine if any data was accessed or exfiltrated. TeamViewer serves corporate customers like DHL and Coca-Cola and facilitates remote access to over 2.5 billion devices globally. However, it is also known for the potential misuse by malicious hackers to remotely plant malware on victims’ devices. The exact method of how the employee’s credentials were compromised remains unclear.

APT29, attributed to Russia’s foreign intelligence service, the SVR, is known for its persistent and well-resourced operations, employing straightforward yet effective hacking techniques to steal sensitive data. This latest breach of TeamViewer follows similar intrusions by APT29, including a recent attack on Microsoft’s corporate network and the 2019-2020 espionage campaign targeting U.S. software firm SolarWinds. The SolarWinds attack allowed Russian hackers access to numerous U.S. federal government agencies by planting a hidden backdoor in the company’s software, impacting networks like the Treasury and Justice Departments.

4o