TeamViewer, which makes a remote access tool widely used by businesses, has confirmed an ongoing cyberattack on its corporate network.
In a statement on Friday, the company blamed the intrusion on government-sponsored hackers working for Russian intelligence, known as APT29, or Midnight Blizzard.
The Germany-based company said its investigation so far has revealed that the initial intrusion occurred on June 26 and was “linked to standard employee account credentials within our corporate IT environment.”
TeamViewer said the cyberattack was “confined” to its corporate network and that its internal network and customer systems were isolated. The company added that it has “no evidence that the threat actors accessed our production environment or customer data.”
TeamViewer spokesperson Martina Deer declined to answer a series of questions from TechCrunch, including whether the company has the technical capability to identify what data, such as logs, was accessed from its network or whether any data was leaked.
TeamViewer is one of the most popular providers of remote access tools, allowing corporate clients such as shipping giant DHL and beverage maker Coca-Cola to access other devices and computers over the internet, according to its website. The company says it has more than 600,000 paying customers, enabling remote access to more than 2.5 billion devices worldwide.
TeamViewer is also known to be abused by malicious hackers, because it can be used to remotely plant malware on victim devices.
It's unclear how the TeamViewer employee credentials were compromised, and TeamViewer has not said.
The U.S. government and security researchers have long attributed APT29 to hackers affiliated with Russia's foreign intelligence service, the SVR. APT29 is one of the more persistent, well-funded, government-backed hacking groups, known for waging long-running, stealthy espionage campaigns aimed at stealing sensitive data using simple but effective hacking techniques, including password theft.
TeamViewer is the latest technology company to be targeted by Russia's SVR. The same government hacking group infiltrated Microsoft's corporate network earlier this year, stealing emails from senior executives in an attempt to learn what was known about the intruders themselves. Microsoft has said other technology companies were also breached during the ongoing Russian espionage operation, and the US cybersecurity agency CISA confirmed that federal government emails hosted on Microsoft's cloud were also stolen.
Months later, Microsoft said it was struggling to clear the hackers from its systems, calling the operation a “sustained and significant effort” of the Russian government's “resources, coordination and focus.”
The US government also blamed Russia's APT29 for an espionage campaign targeting US software company SolarWinds from 2019 to 2020. The cyberattack involved planting a malicious backdoor in SolarWinds' flagship software, resulting in a massive hack of US federal government agencies. Once the tainted software update was distributed to SolarWinds customers, Russian hackers gained access to all networks running the compromised software, including the Treasury, Justice and State departments.