TeamViewer says Russia’s ‘Cozy Bear’ hackers attacked corporate IT system

About the attack

On June 27, 2024, German software company TeamViewer disclosed a cyberattack that affected its internal corporate IT systems. The company, who initially observed the activity on June 26, 2024,  attributed the incident to the Russian state-sponsored group APT29. TeamViewer, an organisation that produces widely used remote access software, investigated the incident and mentioned that the breach was “tied to credentials of a standard employee account within our Corporate IT environment”. TeamViewer stated that their production environment and customer data remain unaffected.

On June 30, 2024, TeamViewer revealed that APT29 used a compromised employee account and copied “employee directory data”, including “names, corporate contact information, and encrypted passwords”. The company reaffirmed that the threat actors did not gain access to the company’s production environment or customer data and that the breach appears to be contained.

TeamViewer is more often targeted or used as a means to ultimately target third-party organisations, since it is a remote monitoring and management (RMM) product that can facilitate threat actors’ access to internal corporate environments and local machines. It is unclear if APT29’s ultimate goal was to compromise TeamViewer, or TeamViewer’s customers. That said, APT29 has previously used third party accounts (specifically, service accounts in cloud services) and system access tokens to eventually access clients’ own cloud environments.

The group, allegedly housed within Russia’s Foreign Intelligence Service (SVR), has been implicated in several of the most consequential hacks of the last decade — including the 2020 SolarWinds hack and the 2016 attack on the Democratic National Committee.

Source : https://therecord.media/teamviewer-cozy-bear-hack-confirmedhttps://attack.mitre.org/groups/G0016/; Insikt Group

Download our report for an easy-to-read look at some of the major reports produced by the government and associated bodies including actionable points, helping you protect your organisation. Click the button to download our report…