Kevin BeaumontAnyDesk may have been owned.
They just had a several day authentication outage they describe as “planned maintenance” (it wasn’t planned) and have now reemerged with a new client, with this in the update notes:
Waiting for the Friday 11pm blog dump announcing cyber incident
If anybody wants a VirusTotal search for _valid_ signed AnyDesk binaries:
signature:"philandro Software GmbH" signature:9CD1DDB78ED05282353B20CDFE8FA0A4FB6C1ECE entity:file tag:signed NOT tag:invalid-signature
I don't see any which are triggering suspect AV or behavioural triggers, going back to beginning of January.
There we go, 10pm on the dot UK time on Friday.... again.
AnyDesk breached, Crowdstrike in doing IR.
mrcsno@GossiTheDog Again? Are they getting targeted every Friday?