close
close

Teamviewer publishes update on investigation after cyber attack

TeamViewer, the world’s leading provider of remote connectivity solutions, has provided an update on the cyberattack detected on June 26, 2024.

The company has completed the main response and investigation phase of the incident and confirmed that the security breach was limited to the company’s internal IT environment.

Secured data integrity

Eight days after the cybersecurity incident was first discovered, TeamViewer, in collaboration with leading cybersecurity experts at Microsoft, has reconfirmed that the attack did not impact the company’s product environment, connectivity platform, or customer data.

This assurance is a relief for millions of users who rely on TeamViewer software for secure remote access and support.

The company explains: “These results confirm that our software solutions have always been safe to use. We appreciate our customers’ continued trust in our products, our security posture and our incident response capabilities.”

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Security measures and response

TeamViewer’s rapid response to the incident included immediate remediation measures and the implementation of additional layers of protection.

The company has not reported any suspicious activity in its internal IT environment since blocking the attack.

The investigation revealed that the threat actor used a compromised employee account to access the company’s internal IT environment.

The attackers copied data from the employee directory, including names, company contact information, and encrypted employee passwords.

However, Microsoft cybersecurity experts have mitigated the risk associated with these encrypted passwords.

TeamViewer has since tightened its employee authentication procedures and implemented stronger layers of protection.

The company has also rebuilt its internal IT environment to ensure a fully trusted state.

Despite completion of the main investigation phase, TeamViewer remains vigilant.

The company is closely monitoring the situation and maintaining a robust security posture.

“Security remains a core part of our DNA and we will continue to invest in our world-class cybersecurity posture as we have done over the past few years,” the statement said.

Timeline of events

26 June 2024: TeamViewer’s security team identified an anomaly in the company’s internal IT environment. Immediate response measures were initiated and investigations were launched with the help of globally recognized cybersecurity experts.

27 June 2024: TeamViewer confirmed that the attack was limited to the company’s IT environment and did not impact the product environment or customer data. The company attributed the activity to the threat actor known as APT29/Midnight Blizzard.

June 28, 2024: Further investigations again confirmed that the attack was limited to the company’s internal IT environment. TeamViewer continued to work with cybersecurity experts and relevant authorities to supplement the evidence collected.

June 30, 2024: TeamViewer reconfirmed that the attack did not affect the product environment, the connectivity platform or customer data. The company informed employees and relevant authorities and began rebuilding the company’s internal IT environment.

July 4, 2024: TeamViewer completed the main phase of incident response and investigation and confirmed that the incident was limited to the company’s internal IT environment. The company assured customers that its software solutions were safe to use throughout the incident.

TeamViewer’s transparent communication and quick response to the cyberattack demonstrated its commitment to security.

The company’s proactive measures and collaboration with leading cybersecurity experts have ensured the integrity of its systems and the security of customer data.

As TeamViewer continues to monitor the situation, customers can continue to trust the security of the company’s remote connectivity solutions.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo