TeamViewer says it was Russian intelligence that broke into its systems this week.

Yesterday, the remote-desktop software maker said it detected an "irregularity" within its corporate IT network on Wednesday without adding much more detail.

Now it says, with the help of outside cybersecurity investigators, it reckons Russia's Cozy Bear cyber-spies, aka APT29 and Midnight Blizzard, sneaked into its network using a worker's login. This confirms earlier whispering in the infosec industry that not only did a nation state crew slip into TeamViewer but that it was the infamous Cozy Bear.

"Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our corporate IT environment," TeamViewer said in its latest statement.

"Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action.

"Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard."

That's the same Kremlin unit that hit the US Democratic National Committee in the 2010s, and more recently compromised Microsoft's computer network and stole internal emails and files from its executives and staff, among other targets. It's the same crew that pulled off the SolarWinds backdoor and has been raiding cloud accounts. It's on a tear.

According to TeamViewer, its encounter with the Russians was limited to its non-production systems, which is the biz's way of asking people not to panic and assume the snoops will definitely be able to get into their PCs via TeamViewer.

"Based on current findings of the investigation, the attack was contained within the corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data," the developer said.

TeamViewer went on to briefly describe its network setup, again to reassure punters:

And just as we were preparing this story for press, the German outfit told us its ongoing probe into the snafu has "strengthened our assessment that the attack was contained within TeamViewer’s internal corporate IT environment and did not touch the product environment, our connectivity platform, or any customer data. We therefore reconfirm our previous statements."

We're promised more updates from the biz.

TeamViewer says it has more than 600,000 customers, who use its software and web app to remotely control and manage Windows PCs and other machines. It would be a huge coup for Russia if it were able to compromise something like TeamViewer to the extent it could gain follow-up access to organizations' computers around the world - and terrible news for the rest of us.

We can see why TeamViewer is a fantastic target for the Kremlin. ®

https://www.theregister.com//2024/06/28/teamviewer_russia/