AnyDesk, a remote desktop application provider, recently confirmed that hackers gained unauthorized access to the company’s production systems in a recent cyberattack. The company has stated that the problem has been remediated, and all security-related certificates have been revoked.
In a public statement, AnyDesk acknowledged that the cybersecurity incident occurred and that they have been working with experts from CrowdStrike to address the issue and inform the relevant authorities. They also clarified that the incident did not involve any ransomware. Additionally, the company assured that all security-related certificates have been revoked, and necessary systems have been remediated or replaced.
While BleepingComputer reported that source code and private code signing keys were stolen during the breach, AnyDesk has emphasized that its systems are designed not to store private keys, security tokens, or passwords that could be exploited to connect to end-user devices. As a precaution, the company has revoked all passwords to its web portal, my.anydesk.com, and is advising users to change their passwords, especially if the same credentials are used on other platforms.
Based in Stuttgart, Germany, AnyDesk provides remote desktop software, allowing users to access and control computers or devices from a different location. Despite the cyber incident, AnyDesk stated that there is no evidence of any end-user devices being affected. The company has assured that the situation is under control, and users can continue using AnyDesk safely by ensuring that they are using the latest version with the new code signing certificate.
With a customer base of 170,000 organizations, including well-known names like 7-Eleven, Comcast, LG Electronics, and the United Nations, AnyDesk has a significant user footprint. However, following the cyber incident, IT admins received an alert warning of service disruptions as the platform underwent maintenance since January 30, 2024.
The breach at AnyDesk serves as a reminder of the constant threat of cyberattacks, especially on remote desktop applications, which are frequently targeted by cybercriminals, aiming to exploit the access and control they provide over computers and devices.
The news of AnyDesk’s cybersecurity incident comes shortly after internet infrastructure provider Cloudflare disclosed that a nation-state hacker had utilized stolen access tokens and service account credentials from Okta to access a self-hosted Atlassian server used by the company. Cloudflare admitted that it had failed to rotate the credentials after Okta revealed the attack in October.
In conclusion, the breach at AnyDesk has prompted the company to take swift action in remediating the incident and revoking security-related certificates. The cybersecurity incident underscores the ongoing threat posed by cybercriminals and the importance of robust security measures to protect against unauthorized access and data breaches.