TeamViewer reports Russia’s ‘Cozy Bear’ hackers targeted corporate IT system

TeamViewer, a prominent software company, confirmed on Friday that it fell victim to a cyberattack by a well-known Russian hacking group earlier in the week. The company identified the group responsible for the attack as APT29, also known as Cozy Bear, BlueBravo, and Midnight Blizzard. APT29 is believed to be linked to Russia’s Foreign Intelligence Service (SVR) and has been involved in several significant cyberattacks over the past decade, including the infamous 2020 SolarWinds hack and the 2016 attack on the Democratic National Committee.

According to TeamViewer, the breach on Wednesday was traced back to the credentials of a standard employee account within the company’s corporate IT environment. However, the company clarified that there is no evidence to suggest that APT29 was able to access the company’s product environment or customer data. TeamViewer said that its corporate IT network is segregated from other systems within the company to prevent unauthorized access and lateral movement between different environments.

Despite the breach, TeamViewer assured the public that the attack was contained within its internal corporate IT environment and did not impact its product environment, connectivity platform, or customer data. The company stated that it is actively investigating the incident to further strengthen its cybersecurity measures.

The breach came to light when several organizations issued warnings to their customers and members about APT29’s attack on TeamViewer. Cybersecurity firm NCC Group and a healthcare industry cybersecurity coalition both sounded alarms about the breach, advising users to remove TeamViewer software to mitigate potential risks. These alerts were aimed at increasing awareness about the cyber threat posed by APT29 and protecting organizations from further attacks.

APT29, known for its sophisticated cyber capabilities and supply chain attacks, has been targeting tech companies of all sizes. The group aims to gather intelligence that can aid the Kremlin in making strategic decisions, particularly focusing on data related to foreign affairs. Recently, APT29 was involved in a major cyberattack on Microsoft, which resulted in the exposure of emails from several U.S. federal agencies containing sensitive information.

In response to the breach, Microsoft has begun notifying more organizations about the unauthorized access to their emails and other data by APT29. The group’s recent targeting of political parties in Germany underscores its relentless pursuit of gathering intelligence for Russian interests.

Given the ongoing conflict in Ukraine and the pressure on Russian security services to support their war efforts, APT29’s activities are expected to continue targeting organizations worldwide. The cybersecurity community remains vigilant in thwarting such sophisticated cyber threats and protecting sensitive information from falling into the wrong hands.
