Internet - Cyber attack on remote maintenance software provider Teamviewer
The German software provider Teamviewer has become the victim of a cyberattack, according to a statement on its own website. On Wednesday, Teamviewer's security team detected an "anomaly" in the internal IT environment. The TecDax-listed company immediately activated its defense team and initiated the corresponding processes. "Together with globally recognized IT security experts, we have begun immediate investigations and implemented necessary protective measures."
Teamviewer is one of the largest providers of remote maintenance software, which is used in companies, among other things, to access the screens of employees to resolve service requests. Through this channel, one can also access sensitive information. Teamviewer stated that the initial investigations suggest that the attack occurred on Wednesday using the credentials of a standard employee account in the corporate IT environment.
Russian hackers suspected
Teamviewer is currently investigating the attack in collaboration with an external service provider. The attack is being traced back to the APT29 / "Midnight Blizzard" group, which is also known as "Cozy Bear." This group is believed to be controlled by the Russian intelligence service FSB. The Kremlin hackers are also suspected of attacking several German political parties with malware.
Teamviewer confirmed a report by the Heise.de portal, which cited information from various IT security organizations stating that the attack was the work of an APT (Advanced Persistent Threat) group. Such groups are usually backed by state actors. A leaked memo from the IT security company NCC Group, circulating on social media, mentions a significant compromise by an APT group.
Limited damage due to good infrastructure
Teamviewer emphasized, based on the latest investigation findings, that the attack on the corporate IT environment of the company was contained. "There is no evidence that the attackers gained access to our product environment or customer data." The remote maintenance specialist emphasized a strict separation between the corporate IT, the product environment, and the Teamviewer Connectivity Platform. "This means that we keep all servers, networks, and accounts strictly separated to prevent unauthorized access and movements between the different environments."
- The security team in Göppingen, Germany, where Teamviewer is headquartered, quickly sprang into action upon detecting the anomaly.
- Teamviewer's stock price on the TecDAX index saw a temporary dip due to the news of the cyberattack.
- The cyberattack poses a potential threat to companies and individuals using Teamviewer's remote maintenance software, as it allows for remote access to computers.
- The attackers might have been motivated by financial gain or even espionage, given the telecommunications industry's sensitive nature.
- The German government has been closely monitoring the situation, considering the potential implications for national security.
- Some experts suggest that the APT29 group's involvement in the attack could be a warning sign of increasing cybercrime in Germany and the broader European Union.
- Baden-Württemberg's police and cybercrime units are collaborating with Teamviewer's security team to gather more information and prevent future attacks.
- Despite the cyberattack, Teamviewer reassured its users that their data remains secure due to its robust cybersecurity measures and strict data protection protocols.