Cybersecurity breach of TeamViewer Corporate environment by APT29

TeamViewer, a remote monitoring and management tool based in Germany, has reported a security breach within its internal corporate IT environment. The incident occurred on June 26, 2024, prompting immediate remedial actions to prevent any potential data compromise.

The company, known for serving over 600,000 active customers, reassured the public that no customer data was illicitly accessed by the hackers responsible for the breach. TeamViewer has since launched a thorough investigation into the incident, identifying it as an attack carried out by the state-sponsored hacking group APT29, also known as Cozy Bear. The breach was reportedly facilitated by the theft of an employee’s credentials, raising concerns about potential unauthorized access.

In response to the breach, TeamViewer has deployed incident response teams to mitigate any operational disruptions caused by the cyber attack on its corporate IT infrastructure. The company emphasizes its commitment to security, highlighting features such as multi-factor authentication and options for blocking or allowing specific connections. Passwords are safeguarded against brute force attacks, and additional security measures like fingerprint biometrics are available to enhance device protection.

Notably, TeamViewer faced scrutiny in June 2016 following unauthorized access incidents in China, attributed at the time to weak, easily guessable passwords. The company subsequently took steps to address these vulnerabilities to prevent misuse and enhance overall security protocols.

APT29, also known as Midnight Blizzard, is a threat group affiliated with the Russian Foreign Intelligence Service that gathers intelligence for the Kremlin. This group of criminals has been operating since 2008 and, to date, has primarily targeted government networks in Europe and NATO members. Since June 2015, it shifted its focus to targeting the Democratic National Committee, and in April 2021 it compromised SolarWinds software, thereafter targeting the software provider’s client companies.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security