TeamViewer has only confirmed now that Chinese state-sponsored hackers targeted the company in 2016.
The Germany-based company behind the world-famous remote desktop software TeamViewer has confirmed that in 2016 TeamViewer software was compromised.
The confirmation comes right after the report published by Der Speigel, a German newspaper, regarding a successful cyber attack on TeamViewer.
While communicating with Der Spiegel via email, TeamViewer’s spokesperson stated that most likely the attack was launched by Chinese state-sponsored cybercriminals.
“In autumn 2016, TeamViewer was the target of a cyber-attack. Our systems detected the suspicious activities in time to prevent any major damage,” TeamViewer’s spokesperson said.
The company, however, didn’t disclose the attack back in 2016. It is alleged that Chinese hackers used the Winnti backdoor to compromise the software.
TeamViewer’s spokesperson told Der Spiegel that the cyber attack was identified timely and the threat actors couldn’t do much damage. Moreover, there is a consensus among experts, investigators, and the company that there wasn’t any evidence found of data theft and the attackers also couldn’t compromise or steal the source code of the software despite being able to access it.
“An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack and with all available means of IT forensics found no evidence that customer data or other sensitive information had been stolen, that customer computer systems had been infected or that the TeamViewer source code had been manipulated, stolen or misused in any other way,” read the email sent by TeamViewer.
However, Der Spiegel reports that Chinese hackers managed to infiltrate the network of TeamViewer way back in 2014 and it stayed compromised until 2016. Winnti backdoor Trojan was used to perform the compromise, which traditionally is linked with Chinese state-sponsored hackers. Winnti was deployed for the first time in 2009 and only one Chinese hacker group was known to use it, which is why the group was dubbed as the Winnti group.
I am suddenly reminded of this ridiculous conversation I had with the “PR manager” at TeamViewer back in 2016 where he blatantly denied any hack at all and instead blamed users for poor password hygiene. https://t.co/PezURzEpmZ https://t.co/2SGq31e9x0
— Eric Capuano (@eric_capuano) May 18, 2019
Recently, security researchers have observed the growing popularity of Winnti backdoor among other Chinese hacker groups and it has been used in several Chinese hackers’ operated cyberattacks. It is possible that the malware got shared or sold to a wide range of small threat groups over the years. Hence, it is currently impossible to claim which of the many Chinese state-sponsored hacker groups are responsible for attacking TeamViewer.
Researchers revealed that the attack pattern hint towards the involvement of two groups, the notorious APT 10 and APT 17. Both are Chinese hacking collectives. APT 10 usually focuses on targeting cloud-based service providers while APT17 usually launches supply-chain attacks.
This is not the first time when TeamViewer is in news for all the wrong reasons. Just last month, hackers were found using a trojanized version of TeamViewer to target embassies. In January this year, a malicious version of TeamViewer tool was being used by cyber criminals to spread malware while in 2017, TeamViewer vulnerability was exploited to take full control of PCs.
