A notorious Russian hacking group has breached the “corporate IT environment” of TeamViewer, a popular remote access software, although no customer data appears to have been impacted. TeamViewer on Thursday publicly disclosed the breach, which the company has since tied to the Russian state-sponsored hacking outfit Cozy Bear, also known as Midnight Blizzard.
The breach could be far-reaching since TeamViewer is used across 400 million devices, often to help IT teams oversee and manage employee computers remotely. The same capabilities make the software a potent tool to help hackers spy on users and companies.
But so far, TeamViewer says the breach only affected its corporate IT environment, which is segregated from the production environment for the actual TeamViewer product. “This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments,” the company adds.
At the same time, TeamViewer uncovered “no evidence that the threat actor gained access to our product environment or customer data.” Still, it’s unclear what the Russian hackers accessed or stole from the company’s corporate IT environment, which likely contained valuable information about TeamViewer’s processes and security.
The company detected the intrusion on Wednesday. The investigation so far shows the Russian hackers gained access by using the login credentials for a TeamViewer employee. “Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action,” the company says.
News of the breach first emerged from a third-party security company, NCC Group, which said it had received intel suggesting that Midnight Blizzard had infiltrated TeamViewer. This prompted NCC Group to alert its customers since the Russian hacking group has long been affiliated with the Kremlin.
Midnight Blizzard recently grabbed headlines for hacking Microsoft’s corporate email accounts.
Although TeamViewer says the hack is confined to its corporate IT environment, NCC Group is still advising customers that “removal of TeamViewer from your estate will assist in mitigating any potential compromise via this vector.”
“If you are unable to remove the application, then placing those hosts with it installed under heightened monitoring may provide you with further assurance,” NCC Group added.