Remote software provider TeamViewer has been hit by a cyber-attack that it has attributed to Russian state-affiliated threat actor Midnight Blizzard/APT29.
The firm revealed it identified suspicious behavior on a standard employee account within its corporate IT environment on Wednesday, June 26. It has tied the incident to the credentials of that account.
TeamViewer said its security team was able to contain the attack within its corporate IT environment, with no evidence the threat actor gained access to its product environment or customer data.
“Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place. This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments,” the firm stated.
TeamViewer added that it’s in “constant exchange” with threat intelligence providers and relevant authorities as it continues to investigate the incident.
Attack Attributed to Russian State Group
TeamViewer, together with external incident response support, currently attributes the attack to the Midnight Blizzard/APT29 threat actor.
Midnight Blizzard is an APT group that’s linked to Russia’s foreign intelligence service (SVR). It’s known to focus on espionage and intelligence gathering operations against governments and critical industries.
In January 2024, Microsoft revealed the group compromised the email accounts of some of its senior leadership team. The firm later revealed Midnight Blizzard used information exfiltrated from its corporate email systems to gain access to source code and internal systems.
In June 2024, French cybersecurity agency ANSSI said the group has been constantly targeting French diplomatic entities and public organizations since 2021.
Commenting on the story, John Hultquist, Mandiant Chief Analyst, Google Cloud, explained that Midnight Blizzard is known to conduct supply chain attacks on tech companies to gain valuable intelligence on their customers on behalf of the Russian state.
“Usually they’re looking for insight into foreign affairs, with a particular emphasis on support for Ukraine, and they target government and related organizations for that information. Recently they’ve targeted political parties in Germany as well,” he said.
Healthcare Warned of Active Exploitation
Remote software services like TeamViewer are frequently used by threat actors to gain initial access and establish persistence on target networks.
TeamViewer is used in various critical sectors, including manufacturing, healthcare and public sector organizations.
The US Health Information Sharing and Analysis Center (H-ISAC) has issued a threat bulletin warning healthcare organizations of the active exploitation of TeamViewer.
The organization is recommending that users enable two-factor authentication and use the allowlist and blocklist to control who can connect to their devices, among other measures.