FireEye confirms that APT41 Group hacked TeamViewer; attackers might have accessed billions of devices

A report from web application security specialists claims that the company in charge of developing TeamViewer, the popular remote control software, was the victim of a hack. According to the reports, attackers could take control of any computer that has logged into the service and perform arbitrary actions on it. The report also recalls that TeamViewer was hacked in 2016, an incident that led to the theft of financial information from many users in as little as 24 hours.

Christopher Glyer, a researcher at security firm FireEye, revealed the incident via Twitter, further stating that users’ passwords are being leaked too. According to this firm, the hacking incident is the responsibility of the APT41 group, operating from Asia, specifically from China, which has been linked to multiple high-profile malicious hacking operations.

“This group of hackers uses highly sophisticated malware variants, primarily developed for espionage, so we consider it unlikely that any State is sponsoring its operations,” Glyer says.

The web application security expert adds that, based on the detected activities and attack methods, in addition to the unusual interest that APT41 has shown in attacking the video game industry, its attacks could not be politically motivated; instead, they are focused on economic gain.

Although additional details, such as how long this hacking campaign has been active, are still unknown, FireEye is one of the most credible companies in the cybersecurity community, so many are already wondering what they can do to secure their TeamViewer installations.

Unfortunately, this is not the first time TeamViewer has been the victim of threat actors. About four years ago, web application security specialists from the International Institute of Cyber Security (IICS) reported that a hacker group managed to install a backdoor in various TeamViewer installations to extract confidential information.

To date, the developer continues to deny the incident, asserting that users’ passwords were extracted through other compromised applications.
