Situation:
TeamViewer has had a security breach, the attackers are suspected to be of Russian origin and are suspected to be linked to the Russian Government.
TeamViewer states only internal details have been taken by the attackers, no customer data is thought to be leaked and we will just run through a simple briefing on this security breach.
Attacker:
The attacker has been identified as a prolific group named APT29 (AKA Cozy Bear)
Link: Cozy Bear - Wikipedia
What is TeamViewer?
If you don't know what TeamViewer is, the good news is that you likely don't need to worry!
TeamViewer is a remote support tool for remote connections into other computers to provide support. Commonly used in companies with distributed workforces, it can be left on user attended machines or unattended machines alike to avoid having to have an engineer drive for hours to get there to physically work on the machine.
Action required:
As of writing (08/07/2024) there is no action required for customers as this is only an internal issue
for TeamViewer, should there be further updates to the incident that require some action - we will update this article with recommendations.
Summary:
These attacks are not uncommon, TeamViewer may discover further consequences of this breach as time goes on.
It is worth being vigilant for evolving stories of this nature, watch for updates if they may affect you.
It is also worth noting that TeamViewer seem to have good comms out regarding this breach, it has been very clear and seems very timely - this is a good indicator that this company is a responsible company when it comes to disclosing security breaches.
Note: SecuriKiwi does have a remote management tool we can help with, one of our partners has a great RMM tool and we have a great deal on the software - if you want to discuss and get a demo then get in touch!
Comments