On June 26, 2024, TeamViewer disclosed an “irregularity” in its internal corporate IT environment, prompting swift action.
A statement from the company indicated that they immediately engaged their response team, conducted investigations with global cybersecurity experts, and implemented necessary corrective actions.
The company confirmed that the corporate IT infrastructure is isolated from the product environment, assuring customers that there is no evidence of any impact on customer data due to this incident.
While details about the perpetrators and methods of intrusion were not disclosed, investigations are ongoing and the company pledged to provide updates as new information emerges.
Headquartered in Germany, TeamViewer develops remote monitoring and management software used by over 600,000 customers, including managed service providers and IT departments for server and network management.
Reports from the U.S. Health Information Sharing and Analysis Center (Health-ISAC) highlighted active exploitation of TeamViewer by threat actors, particularly APT29, associated with the Russian Foreign Intelligence Service (SVR).
It remains unclear whether the exploitation involves using TeamViewer vulnerabilities to breach networks, leveraging poor security practices by targets, or targeting TeamViewer’s systems directly.
APT29, also known as BlueBravo or Cloaked Ursa, is a state-sponsored threat group linked to cyber breaches at major companies like Microsoft and Hewlett Packard Enterprise (HPE).

Microsoft recently disclosed that APT29 accessed some customer email accounts following a cybersecurity breach earlier in the year, as reported by Bloomberg and Reuters.
Microsoft stated, “This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” according to reports from the news agency.

