TeamViewer attributes security incident to Russian APT group Midnight Blizzard
June 28, 2024 – Published on SC Magazine
TeamViewer confirmed on its Trust Center June 28 that it experienced a cyberattack tied to the credentials of a standard employee account within its internal corporate IT network. In the security advisory, TeamViewer said the attack took place on Wednesday, June 26 and has been attributed to the state-sponsored Russian group Midnight Blizzard, also known as Cozy Bear and APT29.
Security pros raised concerns because Midnight Blizzard was also in the news today due to more Microsoft customers being confirmed to have had their emails compromised by the group as part of an attack against Microsoft executives’ emails. The attacks on Microsoft accounts were disclosed in January, some of which resulted in unauthorized access to correspondence from U.S. government agencies.
TeamViewer maintained that there’s no evidence that the threat actor gained access to its product environment or customer data. The company said TeamViewer’s corporate IT environment runs separately from its product environment.
Jason Baker, senior security consultant at GuidePoint Security, added that TeamViewer would be less likely to hold substantial value to Midnight Blizzard as a standalone intelligence collection target.
“Still, its targeting for reconnaissance purposes or attempted supply chain compromise against downstream customers is plausible,” explained Baker. “In the near term, we’re monitoring for additional updates from TeamViewer that suggest access or impact against the product environment, as this would be a more significant concern for customers and clients.”
Read More HERE.