The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said in a post to its Trust Center.
“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures.”
“TeamViewer’s internal corporate IT environment is completely independent from the product environment. There is no evidence to suggest that the product environment or customer data is affected. Investigations are ongoing and our primary focus remains to ensure the integrity of our systems.”
The company says that it plans to be transparent about the breach and will continuously update the status of its investigation as more information becomes available.
However, though they say they aim to be transparent, the “TeamViewer IT security update” page contains an HTML tag that prevents the document from being indexed by search engines, making it hard to find.
TeamViewer is a very popular remote access software that allows users to remotely control a computer and use it as if they were sitting in front of the device. The company says its product is currently used by over 640,000 customers worldwide and has been installed on over 2.5 billion devices since the company launched.
While TeamViewer states there is no evidence that its product environment or customer data has been breached, its massive use in both consumer and corporate environments makes any breach a significant concern as it would provide full access to internal networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese threat actors due to their use of the Winnti backdoor. The company said they did not disclose the breach at the time as data was not stolen in the attack.
Alleged APT group behind attack
News of the breach was first reported on Mastodon by IT security professional Jeffrey, who shared portions of an alert shared on the Dutch Digital Trust Center, a web portal used by the government, security experts, and Dutch companies to share information about cybersecurity threats.
“The NCC Group Global Threat Intelligence team has been made aware of significant compromise of the TeamViewer remote access and support platform by an APT group,” warns an alert from the IT security firm NCC Group.
“Due to the widespread usage of this software the following alert is being circulated securely to our customers.”
An alert from Health-ISAC, a community for healthcare professionals to share threat intelligence, also warned today that TeamViewer services were allegedly being actively targeted by the Russian hacking group APT29, also known as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting Teamviewer,” reads the Health-ISAC alert shared by Jeffrey.
“Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools. Teamviewer has been observed being exploited by threat actors associated with APT29.”
APT29 is a Russian advanced persistent threat group linked to Russia’s Foreign Intelligence Service (SVR). The hacking group is known for its cyberespionage abilities and has been linked to numerous attacks over the years, including attacks on Western diplomats and a recent breach of Microsoft’s corporate email environment.
While the alerts from both companies come today, just as TeamViewer disclosed the incident, it is unclear if they are linked, as TeamViewer’s and NCC’s alerts address the corporate breach, while the Health-ISAC alert focuses more on targeting TeamViewer connections.
NCC Group told BleepingComputer that they had nothing further to add when contacted for more information.
“As part of our Threat Intelligence service to our clients, we issue alerts on a regular basis based on a variety of sources and intelligence,” NCC Group told BleepingComputer.
“At this time, we do not have anything further to add to the alert that was sent to our clients.”
BleepingComputer also contacted TeamViewer with questions about the attack but was told no further information would be shared as they investigated the incident.
Update 6/27/24: Added statement from NCC Group.
The distant entry software program firm TeamViewer is warning that its company atmosphere was breached in a cyberattack yesterday, with a cybersecurity agency claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our safety group detected an irregularity in TeamViewer’s inner company IT atmosphere,” TeamViewer stated in a put up to its Belief Heart.
“We instantly activated our response group and procedures, began investigations along with a group of worldwide famend cyber safety specialists and applied mandatory remediation measures.”
“TeamViewer’s inner company IT atmosphere is totally impartial from the product atmosphere. There isn’t a proof to counsel that the product atmosphere or buyer information is affected. Investigations are ongoing and our major focus stays to make sure the integrity of our programs.”
The corporate says that it plans to be clear in regards to the breach and can constantly replace the standing of its investigation as extra info turns into obtainable.
Nevertheless, although they are saying they purpose to be clear, the “TeamViewer IT safety replace” web page comprises a HTML tag, which prevents the doc from being listed by serps and thus onerous to seek out.
TeamViewer is a very fashionable distant entry software program that enables customers to remotely management a pc and use it as in the event that they have been sitting in entrance of the system. The corporate says its product is at present utilized by over 640,000 prospects worldwide and has been put in on over 2.5 billion units because the firm launched.
Whereas TeamViewer states there isn’t any proof that its product atmosphere or buyer information has been breached, its large use in each client and company environments makes any breach a major concern as it will present full entry to inner networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese language risk actors as a result of their use of the Winnti backdoor. The corporate stated they didn’t disclose the breach on the time as information was not stolen within the assault.
Alleged APT group behind assault
Information of the breach was first reported on Mastodon by IT safety skilled Jeffrey, who shared parts of an alert shared on the Dutch Digital Belief Heart, an internet portal utilized by the federal government, safety specialists, and Dutch companies to share details about cybersecurity threats.
“The NCC Group International Menace Intelligence group has been made conscious of serious compromise of the TeamViewer distant entry and help platform by an APT group,” warns an alert from the IT safety agency NCC Group.
“As a result of widespread utilization of this software program the next alert is being circulated securely to our prospects.”
An alert from Well being-ISAC, a group for healthcare professionals to share risk intelligence, additionally warned as we speak that TeamViewer companies have been allegedly being actively focused by the Russian hacking group APT29, also referred to as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Well being-ISAC acquired info from a trusted intelligence accomplice that APT29 is actively exploiting Teamviewer,” reads the Well being-ISAC alert shared by Jeffrey.
“Well being-ISAC recommends reviewing logs for any uncommon distant desktop site visitors. Menace actors have been noticed leveraging distant entry instruments. Teamviewer has been noticed being exploited by risk actors related to APT29.”
APT29 is a Russian superior persistent risk group linked to Russia’s International Intelligence Service (SVR). The hacking group is thought for its cyberespionage skills and has been linked to quite a few assaults over time, together with assaults on Western diplomats and a latest breach of Microsoft’s company e mail atmosphere.
Whereas the alerts from each firms come as we speak, simply as TeamViewer disclosed the incident, it’s unclear if they’re linked as TeamViewer’s and NCC’s alerts handle the company breach, whereas the Well being-ISAC alert focuses extra on concentrating on TeamViewer connections.
NCC Group instructed BleepingComputer that that they had nothing additional so as to add when contacted for extra info.
“As a part of our Menace Intelligence service to our shoppers, we problem alerts regularly primarily based on quite a lot of sources and intelligence,” NCC Group instructed BleepingComputer.
“At the moment, we do not need something additional so as to add to the alert that was despatched to our shoppers.”
BleepingComputer additionally contacted TeamViewer with questions in regards to the assault however was instructed no additional info can be shared as they investigated the incident.
Replace 6/27/24: Added assertion from NCC Group.
The distant entry software program firm TeamViewer is warning that its company atmosphere was breached in a cyberattack yesterday, with a cybersecurity agency claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our safety group detected an irregularity in TeamViewer’s inner company IT atmosphere,” TeamViewer stated in a put up to its Belief Heart.
“We instantly activated our response group and procedures, began investigations along with a group of worldwide famend cyber safety specialists and applied mandatory remediation measures.”
“TeamViewer’s inner company IT atmosphere is totally impartial from the product atmosphere. There isn’t a proof to counsel that the product atmosphere or buyer information is affected. Investigations are ongoing and our major focus stays to make sure the integrity of our programs.”
The corporate says that it plans to be clear in regards to the breach and can constantly replace the standing of its investigation as extra info turns into obtainable.
Nevertheless, although they are saying they purpose to be clear, the “TeamViewer IT safety replace” web page comprises a HTML tag, which prevents the doc from being listed by serps and thus onerous to seek out.
TeamViewer is a very fashionable distant entry software program that enables customers to remotely management a pc and use it as in the event that they have been sitting in entrance of the system. The corporate says its product is at present utilized by over 640,000 prospects worldwide and has been put in on over 2.5 billion units because the firm launched.
Whereas TeamViewer states there isn’t any proof that its product atmosphere or buyer information has been breached, its large use in each client and company environments makes any breach a major concern as it will present full entry to inner networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese language risk actors as a result of their use of the Winnti backdoor. The corporate stated they didn’t disclose the breach on the time as information was not stolen within the assault.
Alleged APT group behind assault
Information of the breach was first reported on Mastodon by IT safety skilled Jeffrey, who shared parts of an alert shared on the Dutch Digital Belief Heart, an internet portal utilized by the federal government, safety specialists, and Dutch companies to share details about cybersecurity threats.
“The NCC Group International Menace Intelligence group has been made conscious of serious compromise of the TeamViewer distant entry and help platform by an APT group,” warns an alert from the IT safety agency NCC Group.
“As a result of widespread utilization of this software program the next alert is being circulated securely to our prospects.”
An alert from Well being-ISAC, a group for healthcare professionals to share risk intelligence, additionally warned as we speak that TeamViewer companies have been allegedly being actively focused by the Russian hacking group APT29, also referred to as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Well being-ISAC acquired info from a trusted intelligence accomplice that APT29 is actively exploiting Teamviewer,” reads the Well being-ISAC alert shared by Jeffrey.
“Well being-ISAC recommends reviewing logs for any uncommon distant desktop site visitors. Menace actors have been noticed leveraging distant entry instruments. Teamviewer has been noticed being exploited by risk actors related to APT29.”
APT29 is a Russian superior persistent risk group linked to Russia’s International Intelligence Service (SVR). The hacking group is thought for its cyberespionage skills and has been linked to quite a few assaults over time, together with assaults on Western diplomats and a latest breach of Microsoft’s company e mail atmosphere.
Whereas the alerts from each firms come as we speak, simply as TeamViewer disclosed the incident, it’s unclear if they’re linked as TeamViewer’s and NCC’s alerts handle the company breach, whereas the Well being-ISAC alert focuses extra on concentrating on TeamViewer connections.
NCC Group instructed BleepingComputer that that they had nothing additional so as to add when contacted for extra info.
“As a part of our Menace Intelligence service to our shoppers, we problem alerts regularly primarily based on quite a lot of sources and intelligence,” NCC Group instructed BleepingComputer.
“At the moment, we do not need something additional so as to add to the alert that was despatched to our shoppers.”
BleepingComputer additionally contacted TeamViewer with questions in regards to the assault however was instructed no additional info can be shared as they investigated the incident.
Replace 6/27/24: Added assertion from NCC Group.
The distant entry software program firm TeamViewer is warning that its company atmosphere was breached in a cyberattack yesterday, with a cybersecurity agency claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our safety group detected an irregularity in TeamViewer’s inner company IT atmosphere,” TeamViewer stated in a put up to its Belief Heart.
“We instantly activated our response group and procedures, began investigations along with a group of worldwide famend cyber safety specialists and applied mandatory remediation measures.”
“TeamViewer’s inner company IT atmosphere is totally impartial from the product atmosphere. There isn’t a proof to counsel that the product atmosphere or buyer information is affected. Investigations are ongoing and our major focus stays to make sure the integrity of our programs.”
The corporate says that it plans to be clear in regards to the breach and can constantly replace the standing of its investigation as extra info turns into obtainable.
Nevertheless, although they are saying they purpose to be clear, the “TeamViewer IT safety replace” web page comprises a HTML tag, which prevents the doc from being listed by serps and thus onerous to seek out.
TeamViewer is a very fashionable distant entry software program that enables customers to remotely management a pc and use it as in the event that they have been sitting in entrance of the system. The corporate says its product is at present utilized by over 640,000 prospects worldwide and has been put in on over 2.5 billion units because the firm launched.
Whereas TeamViewer states there isn’t any proof that its product atmosphere or buyer information has been breached, its large use in each client and company environments makes any breach a major concern as it will present full entry to inner networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese language risk actors as a result of their use of the Winnti backdoor. The corporate stated they didn’t disclose the breach on the time as information was not stolen within the assault.
Alleged APT group behind assault
Information of the breach was first reported on Mastodon by IT safety skilled Jeffrey, who shared parts of an alert shared on the Dutch Digital Belief Heart, an internet portal utilized by the federal government, safety specialists, and Dutch companies to share details about cybersecurity threats.
“The NCC Group International Menace Intelligence group has been made conscious of serious compromise of the TeamViewer distant entry and help platform by an APT group,” warns an alert from the IT safety agency NCC Group.
“As a result of widespread utilization of this software program the next alert is being circulated securely to our prospects.”
An alert from Well being-ISAC, a group for healthcare professionals to share risk intelligence, additionally warned as we speak that TeamViewer companies have been allegedly being actively focused by the Russian hacking group APT29, also referred to as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Well being-ISAC acquired info from a trusted intelligence accomplice that APT29 is actively exploiting Teamviewer,” reads the Well being-ISAC alert shared by Jeffrey.
“Well being-ISAC recommends reviewing logs for any uncommon distant desktop site visitors. Menace actors have been noticed leveraging distant entry instruments. Teamviewer has been noticed being exploited by risk actors related to APT29.”
APT29 is a Russian superior persistent risk group linked to Russia’s International Intelligence Service (SVR). The hacking group is thought for its cyberespionage skills and has been linked to quite a few assaults over time, together with assaults on Western diplomats and a latest breach of Microsoft’s company e mail atmosphere.
Whereas the alerts from each firms come as we speak, simply as TeamViewer disclosed the incident, it’s unclear if they’re linked as TeamViewer’s and NCC’s alerts handle the company breach, whereas the Well being-ISAC alert focuses extra on concentrating on TeamViewer connections.
NCC Group instructed BleepingComputer that that they had nothing additional so as to add when contacted for extra info.
“As a part of our Menace Intelligence service to our shoppers, we problem alerts regularly primarily based on quite a lot of sources and intelligence,” NCC Group instructed BleepingComputer.
“At the moment, we do not need something additional so as to add to the alert that was despatched to our shoppers.”
BleepingComputer additionally contacted TeamViewer with questions in regards to the assault however was instructed no additional info can be shared as they investigated the incident.
Replace 6/27/24: Added assertion from NCC Group.
The distant entry software program firm TeamViewer is warning that its company atmosphere was breached in a cyberattack yesterday, with a cybersecurity agency claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our safety group detected an irregularity in TeamViewer’s inner company IT atmosphere,” TeamViewer stated in a put up to its Belief Heart.
“We instantly activated our response group and procedures, began investigations along with a group of worldwide famend cyber safety specialists and applied mandatory remediation measures.”
“TeamViewer’s inner company IT atmosphere is totally impartial from the product atmosphere. There isn’t a proof to counsel that the product atmosphere or buyer information is affected. Investigations are ongoing and our major focus stays to make sure the integrity of our programs.”
The corporate says that it plans to be clear in regards to the breach and can constantly replace the standing of its investigation as extra info turns into obtainable.
Nevertheless, although they are saying they purpose to be clear, the “TeamViewer IT safety replace” web page comprises a HTML tag, which prevents the doc from being listed by serps and thus onerous to seek out.
TeamViewer is a very fashionable distant entry software program that enables customers to remotely management a pc and use it as in the event that they have been sitting in entrance of the system. The corporate says its product is at present utilized by over 640,000 prospects worldwide and has been put in on over 2.5 billion units because the firm launched.
Whereas TeamViewer states there isn’t any proof that its product atmosphere or buyer information has been breached, its large use in each client and company environments makes any breach a major concern as it will present full entry to inner networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese language risk actors as a result of their use of the Winnti backdoor. The corporate stated they didn’t disclose the breach on the time as information was not stolen within the assault.
Alleged APT group behind assault
Information of the breach was first reported on Mastodon by IT safety skilled Jeffrey, who shared parts of an alert shared on the Dutch Digital Belief Heart, an internet portal utilized by the federal government, safety specialists, and Dutch companies to share details about cybersecurity threats.
“The NCC Group International Menace Intelligence group has been made conscious of serious compromise of the TeamViewer distant entry and help platform by an APT group,” warns an alert from the IT safety agency NCC Group.
“As a result of widespread utilization of this software program the next alert is being circulated securely to our prospects.”
An alert from Well being-ISAC, a group for healthcare professionals to share risk intelligence, additionally warned as we speak that TeamViewer companies have been allegedly being actively focused by the Russian hacking group APT29, also referred to as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Well being-ISAC acquired info from a trusted intelligence accomplice that APT29 is actively exploiting Teamviewer,” reads the Well being-ISAC alert shared by Jeffrey.
“Well being-ISAC recommends reviewing logs for any uncommon distant desktop site visitors. Menace actors have been noticed leveraging distant entry instruments. Teamviewer has been noticed being exploited by risk actors related to APT29.”
APT29 is a Russian superior persistent risk group linked to Russia’s International Intelligence Service (SVR). The hacking group is thought for its cyberespionage skills and has been linked to quite a few assaults over time, together with assaults on Western diplomats and a latest breach of Microsoft’s company e mail atmosphere.
Whereas the alerts from each firms come as we speak, simply as TeamViewer disclosed the incident, it’s unclear if they’re linked as TeamViewer’s and NCC’s alerts handle the company breach, whereas the Well being-ISAC alert focuses extra on concentrating on TeamViewer connections.
NCC Group instructed BleepingComputer that that they had nothing additional so as to add when contacted for extra info.
“As a part of our Menace Intelligence service to our shoppers, we problem alerts regularly primarily based on quite a lot of sources and intelligence,” NCC Group instructed BleepingComputer.
“At the moment, we do not need something additional so as to add to the alert that was despatched to our shoppers.”
BleepingComputer additionally contacted TeamViewer with questions in regards to the assault however was instructed no additional info can be shared as they investigated the incident.
Replace 6/27/24: Added assertion from NCC Group.
The distant entry software program firm TeamViewer is warning that its company atmosphere was breached in a cyberattack yesterday, with a cybersecurity agency claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our safety group detected an irregularity in TeamViewer’s inner company IT atmosphere,” TeamViewer stated in a put up to its Belief Heart.
“We instantly activated our response group and procedures, began investigations along with a group of worldwide famend cyber safety specialists and applied mandatory remediation measures.”
“TeamViewer’s inner company IT atmosphere is totally impartial from the product atmosphere. There isn’t a proof to counsel that the product atmosphere or buyer information is affected. Investigations are ongoing and our major focus stays to make sure the integrity of our programs.”
The corporate says that it plans to be clear in regards to the breach and can constantly replace the standing of its investigation as extra info turns into obtainable.
Nevertheless, although they are saying they purpose to be clear, the “TeamViewer IT safety replace” web page comprises a HTML tag, which prevents the doc from being listed by serps and thus onerous to seek out.
TeamViewer is a very fashionable distant entry software program that enables customers to remotely management a pc and use it as in the event that they have been sitting in entrance of the system. The corporate says its product is at present utilized by over 640,000 prospects worldwide and has been put in on over 2.5 billion units because the firm launched.
Whereas TeamViewer states there isn’t any proof that its product atmosphere or buyer information has been breached, its large use in each client and company environments makes any breach a major concern as it will present full entry to inner networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese language risk actors as a result of their use of the Winnti backdoor. The corporate stated they didn’t disclose the breach on the time as information was not stolen within the assault.
Alleged APT group behind assault
Information of the breach was first reported on Mastodon by IT safety skilled Jeffrey, who shared parts of an alert shared on the Dutch Digital Belief Heart, an internet portal utilized by the federal government, safety specialists, and Dutch companies to share details about cybersecurity threats.
“The NCC Group International Menace Intelligence group has been made conscious of serious compromise of the TeamViewer distant entry and help platform by an APT group,” warns an alert from the IT safety agency NCC Group.
“As a result of widespread utilization of this software program the next alert is being circulated securely to our prospects.”
An alert from Well being-ISAC, a group for healthcare professionals to share risk intelligence, additionally warned as we speak that TeamViewer companies have been allegedly being actively focused by the Russian hacking group APT29, also referred to as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Well being-ISAC acquired info from a trusted intelligence accomplice that APT29 is actively exploiting Teamviewer,” reads the Well being-ISAC alert shared by Jeffrey.
“Well being-ISAC recommends reviewing logs for any uncommon distant desktop site visitors. Menace actors have been noticed leveraging distant entry instruments. Teamviewer has been noticed being exploited by risk actors related to APT29.”
APT29 is a Russian superior persistent risk group linked to Russia’s International Intelligence Service (SVR). The hacking group is thought for its cyberespionage skills and has been linked to quite a few assaults over time, together with assaults on Western diplomats and a latest breach of Microsoft’s company e mail atmosphere.
Whereas the alerts from each firms come as we speak, simply as TeamViewer disclosed the incident, it’s unclear if they’re linked as TeamViewer’s and NCC’s alerts handle the company breach, whereas the Well being-ISAC alert focuses extra on concentrating on TeamViewer connections.
NCC Group instructed BleepingComputer that that they had nothing additional so as to add when contacted for extra info.
“As a part of our Menace Intelligence service to our shoppers, we problem alerts regularly primarily based on quite a lot of sources and intelligence,” NCC Group instructed BleepingComputer.
“At the moment, we do not need something additional so as to add to the alert that was despatched to our shoppers.”
BleepingComputer additionally contacted TeamViewer with questions in regards to the assault however was instructed no additional info can be shared as they investigated the incident.
Replace 6/27/24: Added assertion from NCC Group.
The distant entry software program firm TeamViewer is warning that its company atmosphere was breached in a cyberattack yesterday, with a cybersecurity agency claiming it was by an APT hacking group.
“On Wednesday, 26 June 2024, our safety group detected an irregularity in TeamViewer’s inner company IT atmosphere,” TeamViewer stated in a put up to its Belief Heart.
“We instantly activated our response group and procedures, began investigations along with a group of worldwide famend cyber safety specialists and applied mandatory remediation measures.”
“TeamViewer’s inner company IT atmosphere is totally impartial from the product atmosphere. There isn’t a proof to counsel that the product atmosphere or buyer information is affected. Investigations are ongoing and our major focus stays to make sure the integrity of our programs.”
The corporate says that it plans to be clear in regards to the breach and can constantly replace the standing of its investigation as extra info turns into obtainable.
Nevertheless, although they are saying they purpose to be clear, the “TeamViewer IT safety replace” web page comprises a HTML tag, which prevents the doc from being listed by serps and thus onerous to seek out.
TeamViewer is a very fashionable distant entry software program that enables customers to remotely management a pc and use it as in the event that they have been sitting in entrance of the system. The corporate says its product is at present utilized by over 640,000 prospects worldwide and has been put in on over 2.5 billion units because the firm launched.
Whereas TeamViewer states there isn’t any proof that its product atmosphere or buyer information has been breached, its large use in each client and company environments makes any breach a major concern as it will present full entry to inner networks.
In 2019, TeamViewer confirmed a 2016 breach linked to Chinese language risk actors as a result of their use of the Winnti backdoor. The corporate stated they didn’t disclose the breach on the time as information was not stolen within the assault.
Alleged APT group behind assault
Information of the breach was first reported on Mastodon by IT safety skilled Jeffrey, who shared parts of an alert shared on the Dutch Digital Belief Heart, an internet portal utilized by the federal government, safety specialists, and Dutch companies to share details about cybersecurity threats.
“The NCC Group International Menace Intelligence group has been made conscious of serious compromise of the TeamViewer distant entry and help platform by an APT group,” warns an alert from the IT safety agency NCC Group.
“As a result of widespread utilization of this software program the next alert is being circulated securely to our prospects.”
An alert from Well being-ISAC, a group for healthcare professionals to share risk intelligence, additionally warned as we speak that TeamViewer companies have been allegedly being actively focused by the Russian hacking group APT29, also referred to as Cozy Bear, NOBELIUM, and Midnight Blizzard.
“On June 27, 2024, Well being-ISAC acquired info from a trusted intelligence accomplice that APT29 is actively exploiting Teamviewer,” reads the Well being-ISAC alert shared by Jeffrey.
“Well being-ISAC recommends reviewing logs for any uncommon distant desktop site visitors. Menace actors have been noticed leveraging distant entry instruments. Teamviewer has been noticed being exploited by risk actors related to APT29.”
APT29 is a Russian advanced persistent threat group linked to Russia’s Foreign Intelligence Service (SVR). The hacking group is known for its cyberespionage abilities and has been linked to numerous attacks over the years, including attacks on Western diplomats and a recent breach of Microsoft’s corporate email environment.
While the alerts from both companies come today, just as TeamViewer disclosed the incident, it is unclear if they are linked as TeamViewer’s and NCC’s alerts address the corporate breach, while the Health-ISAC alert focuses more on targeting TeamViewer connections.
NCC Group told BleepingComputer that they had nothing further to add when contacted for more information.
“As part of our Threat Intelligence service to our clients, we issue alerts regularly based on a variety of sources and intelligence,” NCC Group told BleepingComputer.
“At this time, we do not have anything further to add to the alert that was sent to our clients.”
BleepingComputer also contacted TeamViewer with questions about the attack but was told no further information would be shared as they investigated the incident.
Update 6/27/24: Added statement from NCC Group.