Remote access software provider TeamViewer has been hit by a cyber-attack that it has attributed to the Russian state-affiliated threat actor Midnight Blizzard/APT29.
The firm said it identified suspicious behavior on a standard employee account within its corporate IT environment on Wednesday, June 26. It has tied the incident to the credentials of that account.
TeamViewer said its security team was able to contain the attack within its corporate IT environment, with no evidence that the threat actor gained access to its product environment or customer data.
“Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place. This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments,” the firm stated.
TeamViewer added that it is in “constant exchange” with threat intelligence providers and relevant authorities as it continues to investigate the incident.
Attack Attributed to Russian State Group
TeamViewer, together with external incident response support, currently attributes the attack to the Midnight Blizzard/APT29 threat actor.
Midnight Blizzard is an APT group that is linked to Russia’s Foreign Intelligence Service (SVR). It is known to specialize in espionage and intelligence-gathering operations against governments and critical industries.
In January 2024, Microsoft revealed the group had compromised the email accounts of some of its senior leadership team. The firm later revealed that Midnight Blizzard used information exfiltrated from its corporate email systems to gain access to source code and internal systems.
In June 2024, French cybersecurity agency ANSSI said the group has been repeatedly targeting French diplomatic entities and public organizations since 2021.
Commenting on the story, John Hultquist, Chief Analyst at Mandiant, Google Cloud, explained that Midnight Blizzard is known to conduct supply chain attacks on tech companies to gain valuable intelligence on their customers on behalf of the Russian state.
“Typically they are looking for insight into foreign affairs, with a particular emphasis on support for Ukraine, and they target government and related organizations for that information. Recently they have targeted political parties in Germany as well,” he said.
Healthcare Warned of Active Exploitation
Remote access software services like TeamViewer are frequently used by threat actors to gain initial access to, and establish persistence on, target networks.
TeamViewer is used in various critical sectors, including manufacturing, healthcare and public sector organizations.
The US Health Information Sharing and Analysis Center (H-ISAC) has issued a threat bulletin warning healthcare organizations of the active exploitation of TeamViewer.
The agency is recommending that users enable two-factor authentication and use the allowlist and blocklist to control who can connect to their devices, among other measures.
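As an added illustration of the allowlist/blocklist control H-ISAC recommends (example code written for this page, not TeamViewer's or H-ISAC's), the following Python audits a host's incoming TeamViewer connection records against a partner-ID allowlist and blocklist, and also flags sessions that start outside business hours or transfer files from a partner that is not allowlisted. It assumes the tab-separated layout of TeamViewer's Connections_incoming.txt (partner ID, display name, start, end, local user, mode, connection ID); the IDs, names, GUIDs and timestamps in SAMPLE_LOG are constructed sample data, and the business-hours window is an arbitrary policy choice.

```python
"""Audit TeamViewer incoming-connection records against an allowlist and blocklist.

Added example, not code from the article, TeamViewer or H-ISAC. Assumes the
tab-separated layout of Connections_incoming.txt:
  <partner ID>\t<display name>\t<start dd-mm-yyyy HH:MM:SS>\t<end ...>\t<local user>\t<mode>\t<connection GUID>
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, time

TIMESTAMP_FMT = "%d-%m-%Y %H:%M:%S"

# Constructed sample records: one known helpdesk partner, one unknown partner
# connecting at night, and one blocklisted partner pulling files.
SAMPLE_LOG = (
    "123456789\tHelpdesk-01\t25-06-2024 09:12:03\t25-06-2024 09:40:17\tjdoe\tRemoteControl\t{11111111-2222-3333-4444-555555555555}\n"
    "987654321\tUnknown\t26-06-2024 02:31:44\t26-06-2024 03:15:09\tsvc_backup\tRemoteControl\t{66666666-7777-8888-9999-000000000000}\n"
    "555000111\tVendor-X\t26-06-2024 11:05:00\t26-06-2024 11:06:30\tjdoe\tFileTransfer\t{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\n"
    "garbled line without tabs\n"
)

# Hypothetical policy: partner IDs the site has explicitly approved / denied.
ALLOWLIST = {"123456789"}
BLOCKLIST = {"555000111"}
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # local time, arbitrary policy window


@dataclass
class Connection:
    partner_id: str
    display_name: str
    start: datetime
    end: datetime
    local_user: str
    mode: str
    connection_id: str

    @property
    def duration_s(self) -> int:
        return int((self.end - self.start).total_seconds())


@dataclass
class Finding:
    connection: Connection
    reasons: list[str] = field(default_factory=list)


def parse_connections(text: str) -> list[Connection]:
    """Parse tab-separated records; malformed lines are skipped, not fatal."""
    conns: list[Connection] = []
    for raw in text.splitlines():
        parts = raw.split("\t")
        if len(parts) != 7:
            continue
        pid, name, start, end, user, mode, cid = parts
        conns.append(
            Connection(
                partner_id=pid,
                display_name=name,
                start=datetime.strptime(start, TIMESTAMP_FMT),
                end=datetime.strptime(end, TIMESTAMP_FMT),
                local_user=user,
                mode=mode,
                connection_id=cid,
            )
        )
    return conns


def audit(
    conns: list[Connection],
    allowlist: set[str],
    blocklist: set[str],
    hours: tuple[time, time] = BUSINESS_HOURS,
) -> list[Finding]:
    """Return one Finding per connection that violates policy, with every reason."""
    findings: list[Finding] = []
    for c in conns:
        reasons: list[str] = []
        if c.partner_id in blocklist:
            reasons.append("partner ID on blocklist")
        elif c.partner_id not in allowlist:
            reasons.append("partner ID not on allowlist")
        if not (hours[0] <= c.start.time() < hours[1]):
            reasons.append("session started outside business hours")
        if c.mode == "FileTransfer" and c.partner_id not in allowlist:
            reasons.append("file transfer from non-allowlisted partner")
        if reasons:
            findings.append(Finding(c, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(parse_connections(SAMPLE_LOG), ALLOWLIST, BLOCKLIST):
        c = f.connection
        print(f"{c.start:%Y-%m-%d %H:%M} {c.partner_id:>10} ({c.display_name}) "
              f"{c.mode} as {c.local_user}, {c.duration_s}s: {'; '.join(f.reasons)}")
```

Running the block as a script lists the two violating sessions. In practice an allowlist enforced in the TeamViewer client prevents the connection outright; an audit like this is the complementary detection check that confirms the control is actually in place on every host and surfaces sessions that slipped through before it was.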