Software company TeamViewer is currently investigating a potential breach of its internal corporate IT environment after spotting irregularities on Wednesday, as reported by the company on Thursday. TeamViewer clarified that its corporate environment is distinct from its product environment, emphasizing that there is no evidence to suggest any impact on the product environment or customer data. The company assured the public that investigations are ongoing, with a primary focus on safeguarding the integrity of their systems. Updates on the investigation will be provided as progress is made.

In response to inquiries about the incident, a TeamViewer spokesperson informed Recorded Future News that no additional details could be shared beyond the initial statement released. TeamViewer’s software is widely embraced by numerous large organizations for device fleet management, but it has dealt with security challenges in the past.

Notably, the company has been targeted by alleged Chinese hackers, and its software has been utilized maliciously by hackers during security incidents. Reports circulating on social media have hinted at possible nation-state attacks involving TeamViewer software, prompting organizations to issue warnings to their members.

For instance, cybersecurity firm NCC Group and the healthcare cybersecurity organization Health-ISAC have advised entities about potential compromises related to TeamViewer. NCC Group disclosed that it alerted its clients to a significant compromise of the TeamViewer platform by an APT group, although the specifics of the breach were not divulged. Health-ISAC also reportedly informed its members of active exploitation of TeamViewer by APT29 and recommended vigilance regarding remote desktop traffic.

The American Hospital Association confirmed the advisory from Health-ISAC and reiterated precautions such as enabling two-factor authentication and employing allowlists and blocklists to manage device connections. APT29, affiliated with Russia’s Foreign Intelligence Service (SVR), has a history of engaging in foreign espionage and electronic surveillance, responsible for executing high-profile cyber attacks against the U.S., such as the SolarWinds hack and the attack on the Democratic National Committee in 2016.

Recent incidents involving APT29 include breaches targeting tech giants like Microsoft and Hewlett Packard Enterprise. The U.S. cybersecurity agency issued alerts regarding the implications of the Microsoft breach, highlighting potential exposure of sensitive information from federal agencies. These developments underscore the ongoing challenges posed by sophisticated threat actors like APT29 in the realm of cybersecurity.

Извор линк