HomeSecurity OperationsTeamViewer reports Russia’s ‘Cozy Bear’ hackers targeted corporate IT system

TeamViewer reports Russia’s ‘Cozy Bear’ hackers targeted corporate IT system

Published on

spot_img

TeamViewer, a prominent software company, confirmed on Friday that it fell victim to a cyberattack by a well-known Russian hacking group earlier in the week. The company identified the group responsible for the attack as APT29, also known as Cozy Bear, BlueBravo, and Midnight Blizzard. APT29 is believed to be linked to Russia’s Foreign Intelligence Service (SVR) and has been involved in several significant cyberattacks over the past decade, including the infamous 2020 SolarWinds hack and the 2016 attack on the Democratic National Committee.

According to TeamViewer, the breach on Wednesday was traced back to the credentials of a standard employee account within the company’s corporate IT environment. However, the company clarified that there is no evidence to suggest that APT29 was able to access the company’s product environment or customer data. TeamViewer assured that its corporate IT network is segregated from other systems within the company to prevent unauthorized access and lateral movement between different environments.

Despite the breach, TeamViewer assured the public that the attack was contained within its internal corporate IT environment and did not impact its product environment, connectivity platform, or customer data. The company stated that it is actively investigating the incident to further strengthen its cybersecurity measures.

The breach came to light when several organizations issued warnings to their customers and members about APT29’s attack on TeamViewer. Cybersecurity firm NCC Group and a healthcare industry cybersecurity coalition both sounded alarms about the breach, advising users to remove TeamViewer software to mitigate potential risks. These alerts were aimed at increasing awareness about the cyber threat posed by APT29 and protecting organizations from further attacks.

APT29, known for its sophisticated cyber capabilities and supply chain attacks, has been targeting tech companies of all sizes. The group aims to gather intelligence that can aid the Kremlin in making strategic decisions, particularly focusing on data related to foreign affairs. Recently, APT29 was involved in a major cyberattack on Microsoft, which resulted in the exposure of emails from several U.S. federal agencies containing sensitive information.

In response to the breach, Microsoft has begun notifying more organizations about the unauthorized access to their emails and other data by APT29. The group’s recent targeting of political parties in Germany underscores its relentless pursuit of gathering intelligence for Russian interests.

Given the ongoing conflict in Ukraine and the pressure on Russian security services to support their war efforts, APT29’s activities are expected to continue targeting organizations worldwide. The cybersecurity community remains vigilant in thwarting such sophisticated cyber threats and protecting sensitive information from falling into the wrong hands.

Source link

Latest articles

Phishing Campaign Exploits eCards to Distribute RMM Tools

Phishing Operation Targets Users with Fake eCards: A Six-Month Scheme Exposed A recent investigation has...

Russian-Speaking Hacker Deploys C2 Botnet in Six Minutes Using Gemini CLI

Russian-Speaking Threat Actor Employs AI for Rapid Command-and-Control Migration A recent investigation into the operations...

Creating a Cryptography Bill of Materials: Proceed with Caution!

US Government Is Working on CBOMs But Discovery and Inventories Are a Local Problem In...

New Windows Bind Link Techniques Enable Attackers to Bypass EDR and Security Controls

Bitdefender has recently unveiled alarming techniques that illustrate the evolving landscape of cyber threats,...

More like this

Phishing Campaign Exploits eCards to Distribute RMM Tools

Phishing Operation Targets Users with Fake eCards: A Six-Month Scheme Exposed A recent investigation has...

Russian-Speaking Hacker Deploys C2 Botnet in Six Minutes Using Gemini CLI

Russian-Speaking Threat Actor Employs AI for Rapid Command-and-Control Migration A recent investigation into the operations...

Creating a Cryptography Bill of Materials: Proceed with Caution!

US Government Is Working on CBOMs But Discovery and Inventories Are a Local Problem In...