Popular software provider TeamViewer disclosed last week that a notorious Russian advanced persistent threat group had infiltrated its corporate IT infrastructure.
New details revealed that the company attributed the recently reported incident to APT29, also known as Cozy Bear. This notorious threat group is supposedly supervised and backed by Russia’s Foreign Intelligence Service (SVR) and has been linked to various data breaches over the past years.
The company stated that the attack last weekend was caused by the compromised credentials of one of its standard employee accounts in the IT sector. However, there is no proof that APT29 gained access to the company’s product environment or customer data, as the corporate IT network is separate from other company systems.
This information implies that the company strictly keeps all servers, networks, and accounts segregated to avoid unwanted access and lateral movement between environments.
TeamViewer remained tight-lipped about the details of the attack but insisted that it only had a limited impact.
A TeamViewer spokesperson declined to answer multiple inquiries about what systems or data Cozy Bear accessed. However, the company’s initial statement insisted that the incident’s impact was limited to TeamViewer’s internal corporate IT environment and did not affect the product environment, connectivity platform, or client data. In addition, the company assured concerned individuals that it would continue to investigate the matter.
This cybersecurity issue occurred on Thursday last week when various firms began informing customers and members about Cozy Bear’s attack on TeamViewer. A cybersecurity firm and a healthcare provider both issued private notification warnings of the incident.
Separately, a researcher claimed that removing the TeamViewer software will help mitigate any potential compromise via this route until more information is available.
Therefore, users and organisations that employ the software should watch for unusual activity that could indicate a compromise. If the application cannot be removed, keeping the hosts that have it installed under close surveillance may offer additional assurance.
APT29’s primary goal is to acquire intelligence that will assist the Russian military sector in making strategic decisions, with an emphasis on material that gives insight into international politics. Therefore, organisations with critical information, especially concerning defence and military details, should be aware of this looming threat.