TeamViewer – the company behind the TeamViewer login capability and one of the most popular remote desktop access solutions – has suffered a data breach attributed to APT29. Find out everything you need to know about the incident here.
Preface
On June 26, 2024, TeamViewer has detected a security incident in their systems. The team behind TeamViewer – the company behind the TeamViewer login – has immediately launched an investigation into what could’ve triggered the incident.
The investigation into the possible breach of TeamViewer infrastructure started by TeamViewer collaborating with security experts from Microsoft – the two teams concluded their investigation into this incident on July 4, 2024. And they blamed none other than APT29 – the Russian-backed cybercrime group.
The TeamViewer Breach – What Happened?
According to TeamViewer, the team initially detected traces of a possible data breach on June 26, 2024. After an eight-day-long investigation, the team has concluded that the data breach affected their internal corporate environment – after the attack was thwarted, no other malicious activity was noticed.
According to TeamViewer, their team is continuously monitoring their environment to make sure that nothing suspicious is going on, and the threat actors behind the attack appear to be the Russian-based APT29 group.
Not much is known about the breach because not much time has passed, but it appears that US-based companies and institutions had warned TeamViewer that it may become a target for hacks in the past and that the breach was initially uncovered by the Health-ISAC (Information Sharing and Analysis Center) after Health-ISAC has received credible information about a data breach from an intelligence-related source.
What is APT29?
Health-ISAC was quick to note that they suspect the TeamViewer data breach to originate from APT29 – a Russian-based state-sponsored hacking organization. APT29 – or Advanced Persistent Threat 29 – appears to threaten a variety of industries including government agencies, think tanks, and, surprisingly, also organized crime groups. It is widely known that APT29 goes by various names including the well-known “Cozy Bear” (the organization originates from Russia after all), “CozyCar”, “Office Monkeys”, “The Dukes”, “Dark Halo”, “NOBELUM”, “Stellar particle”, and “CozyDuke.” Microsoft calls them Midnight Blizzard.
According to various sources including F-Secure, this organized crime group is no joke and it has many objects critical to governments, militaries, and beyond in its crosshairs – the group is known for its malicious phishing campaigns, attacks on the Democratic Party of the U.S, the Democratic National Committee or DNC and others. The APT29 group is also known for developing tools to make their “job” easier and they’re also believed to be behind the Microsoft hack earlier this year.
Back to TeamViewer, though, the company says that APT29 had no luck accessing sensitive data and only accessed internal systems – and that’s proof of how much effort TeamViewer puts into securing its products.
The TeamViewer data breach was rather quickly contained and attackers said to be affiliated with APT29 were quickly contained – but TeamViewer is certainly not their only target and it’s likely that we’re going to see more data breaches in the upcoming months.
How to Protect Yourself?
In this day and age with data breaches happening left, right, and center, it’s crucial to have the right tools to enable you to protect yourself from identity theft and credential stuffing attacks. The BreachDirectory data breach search engine and the BreachDirectory API are a prime example of such tools – the data breach search engine will let you figure out whether your account is at risk of identity theft and the BreachDirectory API will let you protect yourself, your company, and those close to you from identity theft by implementing the data in BreachDirectory into the systems of your company.
Don’t miss out – make sure to subscribe to our notification letter to be notified about your account appearing in future data breaches that will be added to BreachDirectory too.
Summary
TeamViewer announcing that their systems got breached was quite a surprise, but the team quickly identified the perpetrators – they’re said to be affiliated with APT29 – and contained the incident. No customer data was accessed – the breach only affected the internal systems of TeamViewer.
Nonetheless, protecting yourself and your critical data is of crucial importance – do so by using the BreachDirectory data breach search engine or the BreachDirectory API appliance and until next time.
Frequently Asked Questions – TeamViewer and APT29
What Is TeamViewer?
TeamViewer is a popular software appliance that lets users facilitate remote access to other computers. TeamViewer is used privately as well as by corporate organizations, and it just so happened that last month, TeamViewer suffered a data breach attributed to APT29 – a Russian-backed cybercrime group.
What is APT29?
APT29, or Advanced Persistent Threat 29, is a state-sponsored hacking group believed to be affiliated with the Russian government. The hackers behind APT29 have perpetrated many successful attacks targeting governments, militaries, and corporate networks.
Did TeamViewer Get Hacked?
Yes, TeamViewer indeed appears to have gotten breached on June 26, 2024. The incident only affected the internal systems of TeamViewer and was contained rather quickly.
How to Protect Myself and My Company From Groups Like APT29?
To protect yourself, your company, and your colleagues as well as your friends from hacking, identity theft, and credential stuffing, make good use of data breach search engines such as the one built by BreachDirectory. The BreachDirectory API will also help with implementing the data available in BreachDirectory into your infrastructure.