Skip to navigation Skip to main content Skip to footer

Threat Intelligence: TeamViewer compromised by APT29

28 June 2024

On Thursday, June 27th, NCC Group received intelligence to suggest that TeamViewer, one of the largest remote access and control software providers, had been compromised by Advanced Persistent Threat (APT) group 29.

Due to the widespread usage of TeamViewer, we issued an alert to our customers under TLP:AMBER-STRICT. We have since revised the handling conditions of this intelligence to TLP:GREEN.

APT29, also known as Cozy Bear, The Dukes, and CozyDuke, is a cyber-espionage group that is associated with the Russian Foreign Intelligence Service (SVR). APT29 has been linked to cyberattacks and intelligence gathering operations targeting government, military, think tanks, and other organisations globally.

Matt Hull, Global Head of Threat Intelligence commented:

"NCC Group is continuing its investigation into this intelligence and attempting to establish the extent of the APT’s activities. We will continue sharing detailed attack information with the relevant stakeholders that are affected by this threat actor. Our SOC teams have been placed on heightened alert for activity associated with TeamViewer.

"We advise that until further details are known about the type of compromise TeamViewer has been subjected too, removal of TeamViewer from your estate will assist in mitigating any potential compromise via this vector. We also recommend reviewing hosts that have this installed for unusual behaviour that might suggest it has already been compromised. If you are unable to remove the application, then placing those hosts with it installed under heightened monitoring may provide you with further assurance."

In an official announcement, TeamViewer confirmed that on Wednesday, June 26, 2024, their security team identified an irregularity within their internal corporate IT systems. As a response, the company promptly activated a dedicated team, initiated investigations, and implemented essential remediation measures.

Subscribe to our monthly reports and webinars for the latest on recent and emerging advances in the threat landscape and a deep understanding of the latest Tactics, Techniques and Procedures (TTPs) of threat actors.

Contact

NCC Group Press Office

All media enquires relating to NCC Group plc.

press@nccgroup.com

+44 7721577574