On 26 June 2024, TeamViewer published a statement disclosing they detected an irregularity in TeamViewer’s internal corporate IT environment. TeamViewer is an organisation that provides remote access software for devices and is extensively utilised by businesses and individuals globally.
Upon detecting the incident on 26 June, TeamViewer immediately activated their response team and procedures and started investigations while implementing necessary remediation measures. TeamViewer also initially stated that there was no evidence to suggest that the product environment or customer data was affected, as they are completely independent from the corporate IT environment.
On 28 June, TeamViewer reported that the attack was linked to a standard employee account within their corporate IT environment. Following their investigations, they attributed the attack to the APT29/Midnight Blizzard threat actor. Investigations are ongoing and TeamViewer will continue to update the status of their investigation as new information becomes available.
According to the latest updates from TeamViewer’s investigation, the attack was contained within TeamViewer’s corporate IT environment and there is no evidence that the threat actor gained access to TeamViewer’s product environment or customer data.
Recommendation
Follow TeamViewer For Status Updates
At this time, TeamViewer has not advised customers of specific actions to be taken in their environments in relation to the reported cyber incident. Arctic Wolf will continue to monitor our sources for new intelligence and provide updates as soon as they become available.