TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of another person's PC over the Internet from anywhere in the world. With millions of users relying on its service, TeamViewer has always been a target of interest for attackers.
According to the publication, the cyber attack was launched by hackers of Chinese origin who used the Winnti trojan malware, the activities of which have previously been found to be linked to the Chinese state intelligence system.
Active since at least 2010, the Winnti advanced persistent threat (APT) group has previously launched a series of financial attacks against software and gaming organizations, primarily in the United States, Japan, and South Korea.
The group is known for using supply chain attacks, infecting legitimate software or servers with malicious updates to install malware on end users' systems.
Once a system is infected, Winnti downloads a backdoor payload onto the compromised computer, giving attackers the ability to remotely control the victim's computer without their knowledge.
Der Spiegel criticized TeamViewer for not disclosing the intrusion to the public to inform its customers, many of whom use the targeted software in businesses.
However, when The Hacker News contacted the company, TeamViewer said it discovered the cyber attack "in time" soon after detecting suspicious activities and took immediate action to "prevent any major damage."
TeamViewer also said that both its team and the responsible authorities at that time found no evidence that customer data was stolen or that its customers' computer systems were infected.
Here's the complete statement TeamViewer shared with The Hacker News:
"Like many technology leaders, TeamViewer is frequently confronted with attacks by cyber criminals. For this reason, we continuously invest in the advancement of our IT security and cooperate closely with globally renowned institutions in this field."
"In autumn 2016, TeamViewer was target of a cyber-attack. Our systems detected the suspicious activities in time to prevent any major damage. An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack and with all available means of IT forensics found no evidence that customer data or other sensitive information had been stolen, that customer computer systems had been infected or that the TeamViewer source code had been manipulated, stolen or misused in any other way."
"Out of an abundance of caution, TeamViewer conducted a comprehensive audit of its security architecture and IT infrastructure subsequently and further strengthened it with appropriate measures."
TeamViewer also confirmed to The Hacker News that the reported breach is not in any way connected to another hacking event that happened in May 2016, when TeamViewer users claimed that hackers emptied their bank accounts by exploiting a flaw in the software.
Also, in a press release published at that time, TeamViewer claimed that the company had not been hacked and that there was no security hole; instead, it blamed users for carelessly using the software.