June 28th – TeamViewer, a prominent remote software provider, has disclosed a cyber attack linked to the Russian state-affiliated threat actor known as Midnight Blizzard/APT29.
The incident was identified on June 26th, when suspicious activity was detected within TeamViewer’s corporate IT environment.
Attack details
The company swiftly contained the attack. The threat actors have not accessed the company’s product environment or customer data.
TeamViewer’s security team emphasized the robust segregation of its corporate IT environment, production environment and connectivity platform. Such separation is critical in preventing unauthorized hacker access and lateral movement.
Attack impact
TeamViewer, in collaboration with external incident response experts, has attributed the attack to Midnight Blizzard/APT29, known for espionage and intelligence-gathering operations.
The U.S. Health Information Sharing and Analysis Center (H-ISAC) has issued a bulletin warning healthcare organizations about active exploitation of TeamViewer. The agency suggests implementing two-factor authentication, using allowlists and using blocklists, as to control access.
For more on this story, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.