TeamViewer, which provides remote connectivity products and services, announced that it detected a cybersecurity event on its internal IT system on June 26, 2024. TeamViewer stated that it did not affect the TeamViewer product environment, connectivity platform, or any customer data.
A recent update by TeamViewer states: “According to current findings, the threat actor leveraged a compromised employee account to copy employee directory data, i.e., names, corporate contact information, and encrypted employee passwords for our internal corporate IT environment. We have informed our employees and the relevant authorities.”
TeamViewer is rebuilding its internal corporate IT environment.
In a July 1, 2024 post, SecurityWeek reported that TeamViewer has confirmed that the attack was launched by the Russian-based cybercriminal group known as APT29, which NCC Group and HISAC previously reported. This attack came on the heels of an attack by the same group against Microsoft, which has been alerting customers that APT29 stole customer emails during an attack against it.
APT29 is a notorious group that has attacked many US-based companies over many years, and it does not look like this threat will abate any time soon.