"The NCC Group Global Threat Intelligence team has been made aware of significant compromise of
the TeamViewer remote access and support platform by an APT group. Due to the widespread usage
of this software the following alert is being circulated securely to our customers."
NCC Group can't disclose the source at the time and keep investigating this. Big source, but no substance. Curious to see how this will work out. ping @campuscodi @screaminggoat
HEALTH-Isac is also saying Teamviewer is compromised, attributing it to APT29 (Cozy Bear):
“On June 27, 2024, Health-ISAC received information from a trusted intelligence partner that APT29 is
actively exploiting Teamviewer. Health-ISAC recommends reviewing logs for any unusual remote desktop
traffic. Threat actors have been observed leveraging remote access tools.
Teamviewer has been observed being exploited by threat actors associated with APT29.”
TeamViewer is working with a team of security experts after company engineers detected an "irregularity" in the TeamViewer corporate network. The corporate network is "completely independent" from the TeamViewer product environment. 'There is no evidence to suggest that the product environment or customer data is affected." The company isn't providing any additional information at the moment. https://www.teamviewer.com/en/resources/trust-center/statement/
Attached: 1 image Update confirming Russia: https://www.teamviewer.com/en/resources/trust-center/statement/
Jeffrey
Mat the Wolverine 