TeamViewer Falls Victim to Alleged Kremlin-Backed Cyber Attack

Penka Hristovska Senior Editor
Published on: July 3, 2024

Software company TeamViewer has reported that one of its networks has been breached, and suspects that a Kremlin-backed group is behind it.

The company, which offers software for remote computer control and management, as well as tools for accessing systems via the web, initially said its security team had “detected an irregularity” within one of its networks, indicating a breach.

According to the announcement, the “irregularity” was detected within TeamViewer’s corporate IT environment last week. In response, the company promptly called in cybersecurity investigators, implemented necessary remediation measures, and activated its incident response team and processes.

TeamViewer added that “we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of the multiple layers of protection in our ‘defense in-depth’ approach.”

“Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data,” the company explained.

In a later update, TeamViewer said it found that a compromised employee account allowed hackers, allegedly linked to the Russian government, to breach TeamViewer’s internal corporate IT environment and steal encrypted passwords.

TeamViewer reported that a Kremlin-backed group, identified as APT29, managed to copy employee directory data, including names, corporate contact information, and encrypted passwords for the company’s internal IT environment.

“The risk associated with the encrypted passwords contained in the directory has been mitigated in collaboration with leading experts from our incident response partner Microsoft,” the company said.

The company reiterated that the hackers didn’t access the product environment or customer data and that the breach appears to be contained.

“We hardened authentication procedures for our employees to a maximum level and implemented further strong protection layers. Additionally, we have started to rebuild the internal corporate IT environment towards a fully trusted state,” TeamViewer’s statement reads.

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.
