TeamViewer was the target of a cyberattack campaign in 2016

The developers of TeamViewer, the widely used remote desktop software,
recently confirmed a cyberattack against the company that occurred in 2016,
reported web application security testing.

A representative of the company stated that, after conducting an
investigation, it was possible to conclude that the cyberattack was carried
out by a group of government-sponsored Chinese threat actors. “TeamViewer was
the target of a cyberattack in the autumn of 2016; the anomalous activity was
detected in time, so the hackers did not manage to do considerable damage,”
the spokesman said.

Although the company did not disclose the incident
in 2016, web application security testing firms and members of the
cybersecurity community claim that there is no evidence to confirm a data
breach or theft of the company’s confidential source code.

Still, this doesn’t mean that the company’s networks were safe; the attackers
managed to infiltrate TeamViewer systems since 2014, achieving a persistence
of up to two years. In addition, experts report that the attackers used a
backdoor trojan known as Winnti, commonly linked to Chinese
government-sponsored hacker groups.

According to experts from the International Institute of Cyber Security
(IICS), this backdoor is gradually becoming more popular among the cybercrime
community, so it is likely that its developers have sold or shared it with
other threat groups. That makes it difficult to say with certainty who is
behind the attack on TeamViewer.

Although nothing is certain, the researchers say that, based on the mode of
operation of the attack, it is likely linked to the malicious hacker groups
known as APT 10 and APT 17, both linked to the Chinese government and
specialized in attacks against supply chains and cloud deployments.

Just a few months ago, TeamViewer caught the attention of cybersecurity
specialists, but not for the right reasons; versions of the software have
often been used to exploit vulnerabilities or inject malware into a system to
take control of the compromised computers.
