TeamViewer Exploited by Russian Cyber Actors

Mastodon has reported that TeamViewer has been exploited by Russian cyber-threat actor APT-29. The announcement reads below:

“The NCC Group Global Threat Intelligence team has been made aware of significant compromise of
the TeamViewer remote access and support platform by an APT group. Due to the widespread usage
of this software the following alert is being circulated securely to our customers.”

They further explained:

”On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is
actively exploiting Teamviewer. Health-ISAC recommends reviewing logs for any unusual remote desktop
traffic. Threat actors have been observed leveraging remote access tools.”

Team viewer is a remote access and remote control computer software, allowing maintenance of computers and other devices. It has been installed on more than two billion devices. In June 2016, hundreds of TeamViewer users reported having their computers accessed by an unauthorized address in China and bank accounts misappropriated. TeamViewer attributed the outcome to user’s “careless password use” and denied all responsibility, saying “neither was TeamViewer hacked nor is there a security hole, TeamViewer is safe to use and has proper security measures in place.

This breach however seems targeted at TeamViewer itself.

The company has not publicly acknowledged this developing story.