TeamViewer reports that this week's breach of its corporate network may have been carried out by Midnight Blizzard, a Russian state-sponsored hacking group. After the breach was reported, cybersecurity professionals and healthcare organisations began alerting clients and partner organisations to watch their TeamViewer connections. Because the extent of the incident was unknown at the time, experts warned stakeholders to look for any unusual connections that might indicate threat actors attempting to leverage the TeamViewer breach to reach further networks.
TeamViewer has shared an updated statement attributing the attack to Midnight Blizzard (also tracked as APT29, Nobelium, and Cozy Bear). TeamViewer says it believes its internal corporate network, not its production environment, was breached on Wednesday, June 26, using an employee's credentials.
"Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard," reads the updated TeamViewer statement.
The company stressed that its investigation has found no indication that the production environment or customer data was accessed in the attack, and that it keeps its corporate network and product environment isolated from each other.
As per TeamViewer's statement, "Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place. This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our 'defense in-depth' approach."
While this is reassuring to TeamViewer customers, it is common in incidents like this for more information to emerge as the investigation progresses, especially with a threat actor as advanced as Midnight Blizzard. All TeamViewer customers are therefore advised to enable multi-factor authentication, configure allow and block lists so that only authorized users can make connections, and monitor their network connections and TeamViewer logs for sessions they do not recognise.
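As an added illustration of the last recommendation (this is example code written for this article, not TeamViewer's own tooling), the script below reviews incoming-connection log lines against an allow list of approved remote TeamViewer IDs and flags sessions that fall outside it or start outside business hours. The log lines are constructed, and the tab-separated column layout (remote ID, display name, start timestamp, end timestamp, local user, session type, connection ID) is an assumption modelled on TeamViewer's Connections_incoming.txt; check the column order against your own installation before relying on it.

```python
"""Review TeamViewer incoming-connection logs against an allow list.

Added example, not TeamViewer's code. Column layout is assumed; the
sample lines and the allow list are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample log: one approved session, one unknown remote ID
# connecting at 02:03, and a second approved session during the day.
SAMPLE_LOG = (
    "123456789\tops-laptop-01\t26-06-2024 09:12:44\t26-06-2024 09:40:02"
    "\tjdoe\tRemoteControl\t{conn-0001}\n"
    "987654321\tunknown-host\t26-06-2024 02:03:17\t26-06-2024 02:55:41"
    "\tsvc-backup\tRemoteControl\t{conn-0002}\n"
    "123456789\tops-laptop-01\t27-06-2024 14:00:00\t27-06-2024 14:05:10"
    "\tjdoe\tFileTransfer\t{conn-0003}\n"
)

# Constructed allow list of remote IDs permitted to connect.
ALLOWED_IDS = {"123456789"}
# Sessions starting outside this window are reported for review.
BUSINESS_HOURS = (time(7, 0), time(19, 0))
TIMESTAMP_FORMAT = "%d-%m-%Y %H:%M:%S"


@dataclass
class Connection:
    remote_id: str
    display_name: str
    start: datetime
    end: datetime
    local_user: str
    kind: str
    connection_id: str


def parse_log(text: str) -> list[Connection]:
    """Parse tab-separated log lines into Connection records.

    Malformed lines raise instead of being skipped, so a truncated or
    tampered log is noticed rather than silently producing fewer records.
    """
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 7:
            raise ValueError(f"unexpected column count in line: {line!r}")
        remote_id, name, start_s, end_s, user, kind, cid = parts
        conns.append(Connection(
            remote_id=remote_id,
            display_name=name,
            start=datetime.strptime(start_s, TIMESTAMP_FORMAT),
            end=datetime.strptime(end_s, TIMESTAMP_FORMAT),
            local_user=user,
            kind=kind,
            connection_id=cid,
        ))
    return conns


def review(conns, allowed=ALLOWED_IDS, hours=BUSINESS_HOURS):
    """Return (connection_id, remote_id, local_user, reasons) for each
    session that is not on the allow list or starts outside hours."""
    findings = []
    for c in conns:
        reasons = []
        if c.remote_id not in allowed:
            reasons.append("remote ID not on allow list")
        if not (hours[0] <= c.start.time() <= hours[1]):
            reasons.append("session started outside business hours")
        if reasons:
            findings.append((c.connection_id, c.remote_id, c.local_user, reasons))
    return findings


if __name__ == "__main__":
    for cid, rid, user, reasons in review(parse_log(SAMPLE_LOG)):
        print(f"{cid}: remote {rid} -> local user {user}: {'; '.join(reasons)}")
```

Run as-is it reports only the 02:03 session from the unknown remote ID; point `parse_log` at your real log file and replace the allow list with the IDs your organisation has actually approved. The business-hours check is a review heuristic, not proof of compromise, which is why each finding carries its reasons rather than a verdict.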