Russian-Linked Cyber Attack Reported by Software Firm TeamViewer

An attack on the corporate network of a remote access software firm, TeamViewer, exposed workers’ data to skilled hackers.

The screen-sharing program TeamViewer is quite popular among IT workers. At the end of June, the business said that it had begun restoring its internal systems after the attack.

In 2005, a business in southern Germany developed software that allowed them to remotely demonstrate new programs on their clients’ PCs. This new business was born with the goal of increasing productivity by decreasing or eliminating travel time.

The business released a statement claiming that a threat actor had gained access to an employee account and had copied directory data, including corporate contact information and encrypted passwords for the company’s internal IT system.

TeamViewer blamed APT29 / Midnight Blizzard, an organization that the Biden administration had linked to the Russian Foreign Intelligence Service (SVR).

Multiple high-profile hacks have implicated Midnight Blizzard. In 2014, the Office Monkeys campaign targeted a private research institute in Washington, D.C. In 2015, it hacked the Pentagon. In 2016, it was the Democratic National Committee (DNC) along with US think tanks. In 2017, it was the Norwegian government and multiple Dutch ministries.

The Russian outfit was well recognized for its involvement in the 2020 breach of SolarWinds, a program used to monitor computer networks. The Biden administration claimed that nine federal agencies were affected by this intrusion. According to US authorities, hackers were allegedly able to gain access to over 16,000 computer networks globally via the SolarWinds breach.

Microsoft said in January that the same group hacked into the emails of its senior officials to find out what those officials knew about the group.

TeamViewer stated that it collaborated with Microsoft in responding to the hackers and that it thinks this reduced the likelihood that they would obtain the encrypted passwords of its workers.

There are cybercriminals who would rather act as access brokers than outright steal client data. These individuals would first scan systems for vulnerabilities and then either sell or provide this data to other cybercriminals.

According to TeamViewer, it has not discovered any proof that the hackers had access to client data or its products.