Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

TeamViewer detects data breach as researchers attribute it to APT29

Remote access software program TeamViewer has announced that it detected suspicious activity on its network, with researchers claiming that an APT group breached its systems.

user icon Daniel Croft
Fri, 28 Jun 2024
TeamViewer detects data breach as researchers attribute it to APT29
expand image

The company released a brief statement earlier this week announcing the incident.

“On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said.

“We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures.”

============
============

TeamViewer stressed that its corporate IT environment and product environment are separate entities and that there is nothing to suggest that the product environment or any customer data was affected.

“Investigations are ongoing, and our primary focus remains to ensure the integrity of our systems,” TeamViewer said.

“Security is of utmost importance for us, it is deeply rooted in our DNA. Therefore, we value transparent communication and will continuously update the status of our investigations as new information becomes available.”

While TeamViewer was hesitant to use the words cyber attack or data breach, researchers believe that Russian APT group APT29, also known as Cozy Bear, was behind the attack.

APT29 is a group believed to be connected to Russia’s Foreign Intelligence Service (SVR). It is typically known for targeting European and NATO member governments and research institutes.

News of the breach was first reported by IT researcher Jeffrey on Mastodon, who shared that NCC Group Global Threat Intelligence accused an APT group of being responsible.

“The NCC Group Global Threat Intelligence team has been made aware of significant compromise of the TeamViewer remote access and support platform by an APT group. Due to the widespread usage of this software the following alert is being circulated securely to our customers,” the NCC Group said in the notice shared by Jeffrey.

Just hours afterwards, Jeffrey shared that HEALTH-ISAC concluded Cozy Bear was behind the incident.

“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is actively exploiting TeamViewer. Health-ISAC recommends reviewing logs for any unusual remote desktop traffic. Threat actors have been observed leveraging remote access tools,” Health-ISAC said in the statement shared by Jeffrey.

“TeamViewer has been observed being exploited by threat actors associated with APT29.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.