On June 26, RMM software designer TeamViewer announced a recent breach of their network. According to TeamViewer, no customer data has yet been compromised by this breach. Read this Cybersecurity Threat Advisory in detail to secure your network and devices.
What is the threat?
TeamViewer believes the Russian state-sponsored hacker group APT29, also known as Midnight Blizzard, is behind a recent breach of their internal corporate network. They suspect the breach stemmed from the use of an employee’s credentials. Irregular activity was recorded on this account in the company’s internal corporate IT environment.
Why is it noteworthy?
TeamViewer is a popular provider of remote access tools that allow customers to access other devices across the internet. Its more noteworthy clients include DHL and Coca-Cola, and it provides services to over 600,000 customers and 2.5 billion devices worldwide.
TeamViewer has a rather infamous reputation as a frequent target of hackers and malicious actors, both because of its business ties and because its ability to remotely access other devices would allow hackers to plant malware. APT29 is one of many groups that the US government is familiar with. It has ties to Russia’s foreign intelligence service, the SVR. APT29 is notorious for its simple yet effective hacking methods to steal sensitive data.
What is the exposure or risk?
TeamViewer has stressed that its investigation has not revealed any indication that its production environment or customer data was compromised during the hack, and that it keeps its corporate and product networks isolated from each other. After TeamViewer’s investigation concluded, the Health Information Sharing and Analysis Center (H-ISAC) issued a bulletin warning the healthcare sector of TeamViewer being exploited, advising organizations to review logs for any unusual traffic.
What are the recommendations?
Barracuda MSP recommends the following steps to mitigate the potential threat caused by the APT29 hack:
- Implement two-factor and multi-factor authentication and access controls to mitigate potential risks.
- Use allowlists and blocklists to control and limit access to your devices.
- Monitor network connections and TeamViewer logs.
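One way to act on the last two recommendations, as an added example that is not part of the original advisory or of any Barracuda or TeamViewer tooling: a Python script that reviews a TeamViewer incoming-connection log against an allowlist of partner IDs and a working-hours window. The tab-separated field layout and day-month-year UTC timestamps are assumptions about the Connections_incoming.txt file; the sample lines, IDs, allowlist and hours are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample. Assumed field order (tab-separated): partner ID,
# partner name, start (UTC), end (UTC), local user, type, session ID.
SAMPLE_LOG = (
    "111222333\tHELPDESK-01\t24-06-2024 09:12:03\t24-06-2024 09:40:10\talice\tRemoteControl\t{AAAA-0001}\n"
    "999888777\tUNKNOWN-PC\t25-06-2024 02:31:44\t25-06-2024 03:05:19\talice\tRemoteControl\t{AAAA-0002}\n"
    "111222333\tHELPDESK-01\t25-06-2024 23:50:00\t26-06-2024 00:20:00\tbob\tFileTransfer\t{AAAA-0003}\n"
    "truncated line without enough fields\n"
)

ALLOWED_PARTNER_IDS = {"111222333"}  # hypothetical allowlist of approved TeamViewer IDs
WORK_HOURS_UTC = range(7, 19)        # hypothetical policy: 07:00 to 18:59 UTC
TIME_FORMAT = "%d-%m-%Y %H:%M:%S"    # assumed timestamp format


def review_incoming(log_text, allowed_ids=ALLOWED_PARTNER_IDS, hours=WORK_HOURS_UTC):
    """Return (findings, unparsed_line_numbers) for an incoming-connection log."""
    findings, unparsed = [], []
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for lineno, row in enumerate(reader, start=1):
        if not row:
            continue  # skip blank lines
        try:
            # Too few fields or a bad timestamp both raise ValueError.
            partner_id, name, start_s, end_s, user, kind, _sid = [f.strip() for f in row[:7]]
            start = datetime.strptime(start_s, TIME_FORMAT)
            end = datetime.strptime(end_s, TIME_FORMAT)
        except ValueError:
            unparsed.append(lineno)  # surface damaged lines instead of hiding them
            continue
        reasons = []
        if partner_id not in allowed_ids:
            reasons.append("partner ID not on allowlist")
        if start.hour not in hours:
            reasons.append("started outside working hours")
        if reasons:
            findings.append({
                "line": lineno, "partner_id": partner_id, "partner": name,
                "local_user": user, "type": kind, "start_utc": start.isoformat(),
                "minutes": int((end - start).total_seconds() // 60),
                "reasons": reasons,
            })
    return findings, unparsed


if __name__ == "__main__":
    for finding in review_incoming(SAMPLE_LOG)[0]:
        print(finding)
```

Lines that fail to parse are returned separately so that a truncated or altered log entry is reviewed by hand rather than skipped.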
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/teamviewer-links-corporate-cyberattack-to-russian-state-hackers/
- https://www.themobileindian.com/news/teamviewer-admits-cyberattack-by-russian-hacking-group-apt29
- https://techcrunch.com/2024/06/28/teamviewer-cyberattack-apt29-russia-government-hackers/
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.