TeamViewer, a software company, disclosed that a compromised employee account facilitated a breach by hackers, leading to the theft of encrypted passwords. The incident, attributed to the Russian government, specifically a group known as APT29, allowed the attackers to obtain employee directory data, including names, corporate contact information, and encrypted passwords used within the company’s internal IT environment.
In an update on Sunday evening, TeamViewer confirmed that the Kremlin-backed group APT29 successfully copied this data but assured that the attackers did not access the company’s product environment or customer data. The breach, initially reported last week, appears to be contained.
“The risk associated with the encrypted passwords contained in the directory has been mitigated in collaboration with leading experts from our incident response partner Microsoft,” stated TeamViewer.
The company has reported the incident to authorities. APT29, linked to Russia’s foreign intelligence service SVR, is known for its high-profile hacking operations.
“We have enhanced authentication procedures for our employees to the highest level and implemented additional strong protection layers. Furthermore, we are rebuilding our internal corporate IT environment to ensure complete trust,” TeamViewer added.
TeamViewer’s software, widely used for remote access and control of devices, has previously been targeted by alleged Chinese hackers and has been exploited maliciously during various security incidents.
In response to the APT29 breach, multiple organizations issued warnings last week, advising TeamViewer customers to review logs for unusual remote desktop traffic and enable two-factor authentication. A healthcare security organization recommended using allowlists and blocklists to control device connections.
TeamViewer has not provided details on APT29’s specific objectives during the incident. The theft of encrypted passwords by APT29 parallels an earlier breach this year in which the same group infiltrated Microsoft’s systems, stealing authentication details, credentials, and emails from the tech giant’s senior leaders.