TeamViewer, the popular remote access software company, announced a breach in its corporate IT environment on June 26, 2024. The company stated that an Advanced Persistent Threat (APT) hacking group might be responsible for the cyberattack. Although the breach did not affect the product environment or customer data, TeamViewer is working with global cybersecurity experts to investigate the incident and ensure the integrity of its systems.
Alleged APT Hack on TeamViewer’s Corporate Network
Security breach discovered
TeamViewer’s security team detected an irregularity in the company’s internal corporate IT environment on June 26, 2024. The team immediately activated response procedures, initiated investigations with renowned cybersecurity experts, and implemented necessary remediation measures.
No customer data or production environment affected
Investigations are ongoing, and TeamViewer has assured users that there is no evidence suggesting that the product environment or customer data is affected. The company’s internal corporate IT environment is separate from the product environment, minimizing the potential impact on customers.
Details of the APT Hack
Remote access software company TeamViewer involved
TeamViewer is widely used remote access software that enables users to remotely control a computer as if they were sitting in front of the device. The company boasts over 640,000 customers worldwide, and its software has been installed on over 2.5 billion devices since its inception.
Network irregularity discovered
Upon discovering the network irregularity, TeamViewer’s security team initiated investigations and took necessary remediation measures. The company aims to be transparent about the breach and will continuously update the status of its investigation as more information becomes available.
Security team investigating the incident
TeamViewer is working with globally recognized cybersecurity experts to investigate the breach and ensure the integrity of its systems. The company has not disclosed further details about the APT group or the methods used in the attack.
Impact on TeamViewer and Its Users
TeamViewer’s response to the breach
TeamViewer has stated that it will be transparent about the breach and will continuously update users on the status of its investigation. However, the “TeamViewer IT security update” page contains a <meta name="robots" content="noindex"> HTML tag, which prevents the document from being indexed by search engines, making it difficult to find.
Concerns over customer and user data
TeamViewer has told users that there is no proof that customer data or the product environment has been compromised. However, the breach is worrying because the software is used so often in both personal and business settings. A breach could give intruders a way into internal networks, which is very dangerous for users.
In 2019, a 2016 breach of TeamViewer was linked to Chinese threat actors because of their use of the Winnti backdoor. At the time, the company didn’t tell anyone about the breach because no data was stolen.
The latest breach may have been caused by APT29, a Russian advanced persistent threat group with ties to Russia’s Foreign Intelligence Service (SVR). The hacking group is known for being good at cyberespionage and has been linked to many attacks over the years, such as ones on Western diplomats and, most recently, a breach of Microsoft’s business email system.
Even though the alerts from NCC and Health-ISAC came out at the same time as TeamViewer’s, it is not clear if they are related. TeamViewer’s and NCC’s alerts are about the corporate breach, while Health-ISAC’s alert is more focused on targeting TeamViewer links.