TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

2024-07-08 17:26

TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment.

"Neither our separated product environment, nor the connectivity platform, nor any customer data has been touched," the company says.

After the company's security team detected anomalous activities from a standard employee account within their corporate IT environment on June 26, 2024, they moved to cut off the threat actor and discover the extent of the breach.

In the days following the discovery of the intrusion, TeamViewer confirmed that the threat actor leveraged a compromised employee account to copy employee directory data for their internal corporate IT environment, and that they believe the threat actor is Midnight Blizzard, aka APT29.

"The risk associated with the encrypted passwords contained in the directory has been mitigated in collaboration with leading experts from our incident response partner Microsoft. We hardened authentication procedures for our employees to a maximum level and implemented further strong protection layers. Additionally, we have started to rebuild the internal corporate IT environment towards a fully trusted state," the company said on June 30.

"All immediate remediation measures that we put in place regarding our internal corporate IT environment as well as the additional protection layers that we established have proven to be very effective: there was no suspicious activity in our internal corporate IT environment after our security teams blocked the attack immediately upon detection," they concluded on June 4.

News URL

https://www.helpnetsecurity.com/2024/07/08/teamviewer-breach-june-2024/

#attack #blizzard #teamviewer