AnyDesk, a remote desktop application provider, recently confirmed that hackers gained unauthorized access to the company’s production systems in a cyberattack. The company worked with cybersecurity experts to remediate the incident and notify the authorities. AnyDesk stated that the incident did not involve ransomware and all security-related certificates were revoked, and systems were remediated or replaced as necessary.
According to reports, source code and private code signing keys were stolen during the cyber incident. However, AnyDesk mentioned that its systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices. As a precautionary measure, the company revoked all passwords to its web portal, my.anydesk.com, and advised users to change their passwords if they have reused them elsewhere.
Based in Stuttgart, Germany, AnyDesk provides remote desktop software that allows users to access and control a computer or device from another location. It is commonly used for remote assistance, collaboration, and accessing files or applications on a different machine. Cybercriminals often target remote desktop applications to take over computers and potentially empty bank accounts, steal data, or perform other malicious tasks remotely. Despite this incident, AnyDesk mentioned that there is no evidence that any end-user devices have been affected and assured that it is safe to use the application.
The company emphasized the importance of using the latest version of the software with the new code signing certificate. AnyDesk serves a diverse customer base of 170,000 organizations, including major brands and institutions such as 7-Eleven, Comcast, LG Electronics, Samsung Electronics, Spidercam, MIT, NVIDIA, SIEMENS, the United Nations, and Thales.
In response to the incident, IT admin Günter Born of BornCity sent an alert to all IT admins who use the remote maintenance software, warning them that the service had been undergoing maintenance since January 30, 2024. The news about the cyber incident came shortly after internet infrastructure provider Cloudflare disclosed that a nation-state hacker had used stolen access tokens and service account credentials to access a self-hosted Atlassian server used by Cloudflare. Cloudflare admitted that it had failed to rotate the credentials after the initial attack was disclosed by Okta in October.
In conclusion, AnyDesk is taking proactive measures to address the cyber incident, and it is advising its users to prioritize the security of their passwords and ensure that they are using the latest version of the software. The company continues to work with cybersecurity experts to strengthen its systems and prevent future security breaches.