Threat actor used compromised employee account to hack TeamViewer
A taskforce is still investigating the cybersecurity incident at TeamViewer. Preliminary results show that the attacker used a compromised employee account to access the company’s corporate IT environment.
In a statement, TeamViewer told the press it found an ‘irregularity’ in its internal corporate IT environment. Remediation measures and the segregation of the various parts of the corporate network made sure the impact of the hack on the day-to-day business was limited.
Since the initial statement, TeamViewer has released several updates regarding the security incident. A taskforce consisting of TeamViewer’s security team and third-party security experts has been working 24/7 to ascertain the cause, extent and impact of the incident.
Researchers think threat actor APT29, also known as Cozy Bear, Nobelium and Midnight Blizzard, is responsible for the unauthorized access to TeamViewer’s corporate IT environment. There is no evidence the attackers gained access to TeamViewer’s product environment or customer data.
How did APT29 access TeamViewer’s corporate IT environment? According to the researchers, the attackers used a compromised employee account. With it, they were able to copy employee directory data, including names, corporate contact information and encrypted employee passwords for the corporate IT environment.
To minimize the risk that more confidential data will be stolen, TeamViewer proactively took additional safety measures.
“The risk associated with the encrypted passwords contained in the directory has been mitigated in collaboration with leading experts from our incident response partner Microsoft. We hardened authentication procedures for our employees to a maximum level and implemented further strong protection layers. Additionally, we have started to rebuild the internal corporate IT environment towards a fully trusted state,” the company says in a recent update.
APT29 is a hacking group that operates from Russia and is linked to the Russian foreign intelligence service SVR. APT29 is believed to be responsible for many cyberespionage activities targeting politicians in Western countries.