APT attack on remote maintenance software? Security incident at TeamViewer
Not much is yet known about the extent of the attack against the remote maintenance software – initial indications point to the authors being professionals.
(Image: II.studio/Shutterstock.com)
TeamViewer, one of the largest providers of remote maintenance software, was the victim of a cyberattack yesterday. As the company confirms, it detected anomalies in its internal IT environment on Wednesday. Investigations and security measures were started immediately, the company emphasized in a statement on its website.
The statement continues: "TeamViewer's internal IT environment is completely independent of the product environment. There is no indication that our product environment or customer data may have been affected." The company attaches great importance to transparency and will publish regular updates on the status of the investigation.
According to various IT security organizations, the attack is the work of an APT (Advanced Persistent Threat) group. An excerpt from an internal NCC Group memo is circulating on social networks, which mentions a significant compromise by an APT. The organization Health-ISAC (Information Sharing and Analysis Center) claims to have learned from a secure source that this is "Cozy Bear", a group controlled by the Russian Secret Service SWR.
Many questions unanswered
Much is still unclear – but the confirmation by TeamViewer should make admins sit up and take notice. We will continue to monitor the situation and update this report if necessary. The remote maintenance software had a security vulnerability just a few months ago.
(cku)
