On 2 February 2024, AnyDesk confirmed a compromise of its production systems in a security advisory, leading the company to revoke all security-related keys, including the cryptographic code-signing certificate used to publish their software. As an additional precaution, AnyDesk also reset user passwords on the AnyDesk web portal.
AnyDesk has started using a new code signing certificate as of AnyDesk version 8.0.8. While no evidence of end-user impact has been identified by AnyDesk at this time, the company strongly recommends upgrading to the updated version.
This is a developing situation, and the objectives of this malicious campaign are not yet fully known. Arctic Wolf will continue to monitor the threat landscape for any further developments regarding this compromise.
Recommendations
Update to the Latest Version of AnyDesk
Arctic Wolf strongly recommends updating to the latest version of AnyDesk software. While update instructions are not provided on their security advisory page, the software is listed under the downloads section of their website.
Affected Product | Affected Versions | Fixed Version |
AnyDesk | Prior to 8.0.8 | 8.0.8 |
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
Reset Passwords on Sites Using Same Credentials as AnyDesk Web Portal Account
As a precautionary measure, AnyDesk reset the passwords of all users of their web portal. While no unauthorsed credential access has been reported by the company, as a security best practice it is recommended to reset the passwords of any accounts on other sites using the same password as the AnyDesk web portal account to avoid credential stuffing attacks.