FireEye confirms APT41 hacked TeamViewer, may have accessed billions of devices
A report from web application security specialists claims that the company in charge of developing TeamViewer, the popular remote control software, was a victim of hacking. According to the reports, attackers could control any computer that had logged into the service and perform arbitrary activities on it. The report reveals that TeamViewer was hacked in 2016, an incident that led to the theft of financial information from many users in as little as 24 hours.
Christopher Glyer, a researcher at security firm FireEye, revealed the incident via Twitter, further stating that users’ passwords are being leaked too. According to this firm, the hacking incident is the responsibility of the APT41 group, operating from Asia, specifically from China, and which has been linked to multiple high-profile malicious hacking operations.
“This group of hackers uses highly sophisticated malware variants, primarily developed for espionage, so we consider it unlikely that any State is sponsoring its operations,” Glyer says.
The web application security expert adds that, based on detected activities and attack methods, in addition to the unusual interest that APT41 has shown in attacking the video game industry, its attacks could not be politically motivated; instead, they’re focused on economic gains.
Although additional details such as how long this hacking campaign has been active are still unknown, FireEye is one of the companies with the most credibility among the cybersecurity community, so many are already wondering what they can do to secure their TeamViewer implementations.
Unfortunately, this is not the first time TeamViewer has been the victim of threat actors. About four years ago, web application security specialists from the International Institute of Cyber Security (IICS) reported that a hacker group managed to install a backdoor in various TeamViewer implementations to extract confidential information.
To date, the developer company continues to deny the incident, asserting that users’ passwords were extracted through other compromised applications.
from Hacker News https://ift.tt/2MT8oA3