TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyber attack on its corporate network.
In a statement on Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard).
The Germany-based company said its investigation so far points to an initial intrusion on June 26 “related to the credentials of a standard employee account within our corporate IT environment.”
TeamViewer said the cyberattack was “contained” to its corporate network and that the company keeps its internal network and customer systems separate. The company added that there is “no evidence that the threat actor gained access to our product environment or customer data.”
Martina Dier, a spokeswoman for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical capability, such as logs, to determine what, if any, data was accessed or extracted from its network.
TeamViewer is one of the most popular providers of remote access tools, allowing its corporate clients — including shipping giant DHL and beverage maker Coca-Cola, according to its website — to access devices and other computers over the Internet. The company says it has more than 600,000 paying customers and facilitates remote access to more than 2.5 billion devices worldwide.
TeamViewer is also known to be abused by malicious hackers for its ability to be used to remotely plant malware on the victim’s device.
It is not known how the TeamViewer employee’s credentials were compromised, and TeamViewer has not said.
The US government and security researchers attribute APT29 to hackers working for Russia’s foreign intelligence service, the SVR. APT29 is one of the most persistent, well-resourced government-backed hacker groups, and is known for using simple but effective hacking techniques – including password theft – to conduct long-running covert espionage campaigns. that rely on stealing sensitive data.
TeamViewer is the latest tech company targeted by Russia’s SVR recently. The same group of government hackers compromised Microsoft’s corporate network earlier this year to steal emails from top executives to learn what was known about the intruding hackers themselves. Microsoft said other technology companies were compromised during the ongoing Russian espionage campaign, and the US cybersecurity agency CISA confirmed that federal government emails hosted in Microsoft’s cloud were also stolen.
Months later, Microsoft said it was trying to remove hackers from its systems, calling the campaign a “sustained, significant commitment” of the Russian government’s “resources, coordination and focus.”
The US government also blamed Russia’s APT29 for the 2019-2020 espionage campaign targeting US software firm SolarWinds. The cyberattack saw a massive hacking of US federal government agencies by placing a stealthy malicious backdoor into SolarWinds’ flagship software. When the tainted software update was sent to SolarWinds customers, Russian hackers gained access to every network running the compromised software, including the Treasury, Justice Department and State Department.
Do you know more about the TeamViewer cyber attack? Get in touch. To contact this journalist, contact on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents through SecureDrop.