On 27 June 2024, the company TeamViewer, manufacturer of the software product of the same name, published a statement [1] that the company had become aware of an active cyber attack within its corporate environment. In response to this attack TeamViewer has engaged "external incident response support" and is currently investigating the root cause and impact of the incident. Although the investigation is still ongoing, TeamViewer has already attributed the attack to the threat actor APT-29, which has previously been linked to the Russian Foreign Intelligence Service (SVR) [2].
Description
According to TeamViewer, the investigation would have shown that the cyber attack would have started on 26 June 2024 and was contained on 28 June 2024. The attack would have only affected TeamViewer's corporate environment, which (according to TeamViewer) is "strongly segregated" from the production environment (associated with the software product). Accordingly, TeamViewer's investigation found no evidence that the threat actor had gained access to TeamViewer's product environment or customer data.
Northwave has attempted to gather further information about the attack through public channels and threat intelligence sources, which showed that evidence of the TeamViewer breach had been separately picked up by security vendor NCC Group [3]. Other than that, information on the nature of the attack is currently limited.
Risk and impact
Based on TeamViewer's allegations, the impact of the attack does not appear to affect the TeamViewer software product. If TeamViewer's allegations are true, we currently estimate the risk of abuse of the software product TeamViewer for TeamViewer customers to be very low. However, we note though that we currently have too limited information to properly assess the situation.
What should you do?
At this time, there is no indication that the TeamViewer software product has been affected. Therefore, we do not recommend taking any business disruptive containment measures. Organisations using TeamViewer may wish to consider implementing general best practices, such as multi-factor authentication, network access policies, and security monitoring
What will Northwave do?
We will continue to monitor developments regarding this compromise. If there is any new information about this cyber attack that would lead to a serious risk, we will contact you. You can call us or email us if you would like more information
Sources
Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We will not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.