TeamViewer attributes security incident to Russian APT group Midnight Blizzard
TeamViewer confirmed on its Trust Center on June 28 that it experienced a cyberattack tied to the credentials of a standard employee account within its internal corporate IT network.
In the security advisory, TeamViewer said the attack took place on Wednesday, June 26 and has been attributed to the state-sponsored Russian group Midnight Blizzard, also known as Cozy Bear and APT29.
Security pros raised concerns because Midnight Blizzard was also in the news today, with more Microsoft customers confirmed to have had their emails compromised by the group as part of an attack against Microsoft executives’ emails. The attacks on Microsoft accounts were disclosed in January, some of which resulted in unauthorized access to correspondence from U.S. government agencies.
Midnight Blizzard has been associated with multiple high-profile intrusions since 2008, including the 2015 compromise of the Democratic National Committee and the 2020 SolarWinds incident. Most recently, 2023-2024 attacks against Microsoft and Hewlett Packard Enterprise have been attributed to Midnight Blizzard, with the group likely accessing and exfiltrating sensitive information from mailboxes.
There was also concern simply from the fact that Germany-based TeamViewer has a strong installed base of more than 600,000 customers worldwide. Companies and individuals use the platform to conduct remote access sessions.
TeamViewer maintained that there’s no evidence that the threat actor gained access to its product environment or customer data. The company said TeamViewer’s corporate IT environment runs separately from its product environment.
The recent TeamViewer incident showcases Midnight Blizzard’s mastery of advanced 3D phishing techniques, explained Stephen Kowski, field CTO at SlashNext. Kowski said that by seamlessly blending meticulously crafted text messages, Microsoft Teams messages and email phishing, the threat actors have shown they can create a multi-channel attack that is extremely difficult to detect and defend against.
Kowski added that with 3D phishing on the rise, it’s crucial for organizations to adopt a multi-layered approach to phishing. This includes implementing AI-powered solutions capable of analyzing and flagging anomalies across various communication channels, conducting regular security audits, and most importantly, investing in comprehensive employee training.
“By staying vigilant and leveraging cutting-edge security technologies, we can better protect ourselves against these increasingly immersive and deceptive attacks,” said Kowski. “Remember, in the face of such sophisticated threats, our best defense is a proactive, adaptive, and technologically-advanced security posture.”
Jason Baker, senior security consultant at GuidePoint Security, added that TeamViewer would be less likely to hold substantial value to Midnight Blizzard as a standalone intelligence collection target.
“However, its targeting for reconnaissance purposes or attempted supply chain compromise against downstream customers is plausible,” explained Baker. “In the near term, we’re monitoring for more updates from TeamViewer that suggest access or impact against the product environment, as this would be a more significant concern for customers and clients.”