Chinese state-sponsored hackers breached German software maker TeamViewer in 2016, the company confirmed today to ZDNet after a report by German newspaper Der Spiegel. TeamViewer said it detected and stopped the attack before hackers could do any damage.
“In autumn 2016, TeamViewer was the target of a cyber-attack,” a TeamViewer spokesperson said via email. “Our systems detected the suspicious activities in time to prevent any major damage.”
The TeamViewer spokesperson told ZDNet that an investigation was conducted at the time, but did not find any evidence of abuse.
“An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack and with all available means of IT forensics found no evidence that customer data or other sensitive information had been stolen, that customer computer systems had been infected or that the TeamViewer source code had been manipulated, stolen or misused in any other way,” the company said in an email.
HACKERS DEPLOYED WINNTI MALWARE
According to Der Spiegel, the hackers who breached TeamViewer’s network had used Winnti, a backdoor trojan historically known to be in the arsenal of Beijing state hackers.
The malware was first seen in 2009 and was initially used just by one group of Chinese hackers — which security researchers also started referencing as the Winnti group.
However, this changed in recent years when security researchers began to see the Winnti malware in attacks linked to multiple different Chinese-linked threat actors, according to reports from ProtectWise 401 TRG and Chronicle.
“The underlying hypothesis is that the malware itself may be shared (or sold) across a small group of actors,” the Chronicle team said in a report published earlier this week.
This makes it impossible, at least for now, to know which of the many Chinese state-sponsored hacking groups was responsible for the TeamViewer intrusion.
However, there are two Chinese hacking groups that fit this attack pattern, and they are APT 10 (a group focused on hacking cloud-based service providers) and APT17 (a group focused on supply-chain attacks).
TeamViewer is one of the world’s largest provider of remote control and desktop sharing software. Its services are used by millions of users and large corporations.
Hackers have always targeted TeamViewer because of the access the company’s service can provide, in the case of a successful breach.
When they don’t target the company directly, hackers also often brute-force their way into users accounts. Months before the successful Winnti hack in the fall of 2016, TeamViewer had faced a wave of user account hijacks, which many customers reported as originating from Chinese IP addresses.
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!