TeamViewer, a company that provides remote access tools for businesses, has confirmed that its corporate network has been breached by Russian hackers. The cyberattack, attributed to government-backed hackers working for Russian intelligence, began with an intrusion on June 26 through the credentials of a standard employee account in the company’s IT environment.
Despite the breach, TeamViewer stated that the cyberattack was contained within its corporate network and did not extend to its customer systems or product environment. The company reassured that there is no evidence of the threat actor accessing customer data. However, Martina Dier, a TeamViewer spokesperson, declined to provide details on whether any data was accessed or exfiltrated from the network.
TeamViewer is a popular choice for remote access among businesses, with over 600,000 paying customers and remote access to more than 2.5 billion devices worldwide. Unfortunately, the tool has also been exploited by malicious hackers for planting malware on victims’ devices remotely.
The exact method used to compromise the employee’s credentials remains unknown, as TeamViewer has not disclosed this information. However, the U.S. government and security researchers have linked the cyberattack to APT29, a hacking group associated with Russia’s SVR foreign intelligence service. APT29 is known for its sophisticated hacking techniques, including stealing passwords to conduct espionage campaigns and steal sensitive data.
This incident is not the first time that Russia’s SVR has targeted tech companies. Earlier this year, the same group compromised Microsoft’s corporate network to steal emails from executives. The ongoing Russian espionage campaign has affected multiple tech companies, with the U.S. cybersecurity agency confirming that federal government emails hosted on Microsoft’s cloud were also stolen.
Microsoft has struggled to remove the hackers from its systems, describing the campaign as a significant and sustained effort by the Russian government. APT29 was also behind the 2019-2020 espionage campaign targeting SolarWinds, where a hidden backdoor was planted in the company’s software, allowing access to numerous U.S. government agencies.
As the investigation into the TeamViewer cyberattack continues, the company urges anyone with more information to come forward. If you have details to share, you can contact the reporter via Signal, WhatsApp, or email. Your insights could be crucial in understanding and preventing future cyberattacks.
