TeamViewer, the prominent provider of remote access tools, has confirmed a significant cyberattack on its corporate network. This attack has been attributed to APT29, a hacking group allegedly linked to Russian intelligence. The breach, discovered on June 26, involved compromised credentials of an employee account, marking another sophisticated cyber-espionage campaign executed by state-sponsored hackers.

According to TeamViewer’s investigation, the breach began with the compromise of credentials from a standard employee account within its corporate IT environment. The company has emphasized that the attack was contained within its corporate network and that its internal network and customer systems are separate. This separation is crucial in preventing the spread of the breach to customer data and product environments. Despite these assurances, the company’s investigation is ongoing.

“Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data,” TeamViewer said in a statement.

TeamViewer’s software is extensively used by major corporations such as DHL and Coca-Cola, enabling remote access to over 2.5 billion devices globally. With more than 600,000 paying customers, the company’s reputation hinges on its ability to secure its systems and protect customer data. Martina Dier, a spokesperson for TeamViewer, declined to provide specific details on whether the company has the technical capability to determine the exact scope of data accessed, and TeamViewer has asserted that there is no evidence of customer data being compromised.

For those who are unaware, APT29, also known as Cozy Bear or Midnight Blizzard, is a notorious hacking group linked to Russia’s Foreign Intelligence Service (SVR). The group is well-known for its sophisticated and persistent cyber-espionage campaigns, often targeting high-profile organizations and government entities. APT29 employs various effective hacking techniques, including password theft, to infiltrate networks and steal sensitive data. Previous attacks attributed to APT29 include the infamous SolarWinds breach, which compromised several U.S. federal agencies by planting a hidden backdoor in SolarWinds’ software, allowing widespread access to compromised networks.

Following the announcement of the cyberattack, TeamViewer’s stock experienced a sharp decline, falling by 10% and marking its worst day since November 2023. The stock had already been under pressure, with a 25% decline year-to-date, and TeamViewer’s shares are currently priced at €10.48.