AnyDesk Confirms Unauthorized Access to Production Systems

Share :

On February 2, 2024, AnyDesk confirmed a compromise of its production systems in a security advisory, leading the company to revoke all security-related keys, including the cryptographic code-signing certificate used to publish their software. As an additional precaution, AnyDesk also reset user passwords on the AnyDesk web portal. 

AnyDesk has started using a new code signing certificate as of AnyDesk version 8.0.8. While no evidence of end-user impact has been identified by AnyDesk at this time, the company strongly recommends upgrading to the updated version. 

This is a developing situation, and the objectives of this malicious campaign are not yet fully known. Arctic Wolf will continue to monitor the threat landscape for any further developments regarding this compromise. 

Recommendations 

Update to the Latest Version of AnyDesk

Arctic Wolf strongly recommends updating to the latest version of AnyDesk software. While update instructions are not provided on their security advisory page, the software is listed under the downloads section of their website. 

Affected Product  Affected Versions  Fixed Version 
AnyDesk   Prior to 8.0.8   8.0.8  

 

Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

Reset Passwords on Sites Using Same Credentials as AnyDesk Web Portal Account

As a precautionary measure, AnyDesk reset the passwords of all users of their web portal. While no unauthorized credential access has been reported by the company, as a security best practice it is recommended to reset the passwords of any accounts on other sites using the same password as the AnyDesk web portal account to avoid credential stuffing attacks. 

References 

Stefan Hostetler

Stefan Hostetler

Stefan is a Senior Threat Intelligence Researcher at Arctic Wolf. With over a decade of industry experience under his belt, he focuses on extracting actionable insight from novel threats to help organizations protect themselves effectively.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter