TeamViewer Credits Network Segmentation for Rebuffing APT29 Attack

Despite warnings from Health-ISAC and the NCC Group, the remote access software maker says defense-in-depth kept customers' data safe from Midnight Blizzard.

Dark Reading Staff, Dark Reading

June 28, 2024


This week, TeamViewer said that while the Russian group APT29, aka Midnight Blizzard, managed to access its corporate network, the threat actors were limited to the company's internal IT network because of "strong segmentation" between its environments. Thus, no customers were affected.

In public statements on June 27 (reiterated today), the German maker of remote desktop software said, "[W]e keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our 'defense in-depth' approach."

Defense-in-depth is a set of basic techniques, including network segmentation, that the US government consistently urges people to implement. Others include network monitoring, multifactor authentication, and access control lists.

Even so, because of the potential mischief a bad actor with desktop access can wreak, TeamViewer users should up their security game, according to industry groups. The NCC Group, which originally issued a warning under an amber/limited classification but then changed it to green/public, advised its customers that, while awaiting final confirmation of the extent of compromise, they should remove TeamViewer from their systems if possible and, if not, closely monitor hosts with the application installed.

The Health Information Sharing and Analysis Center (H-ISAC) meanwhile issued similar advice to the healthcare sector, adding that organizations should implement two-factor authentication (2FA) and allowlists/blocklists to control who gets to access systems via TeamViewer.

Stakes are particularly high for remote access application security because of the legitimate access to users' systems such software provides. In January, Huntress reported that two hacking attempts started with TeamViewer instances, and there is a long history of attackers using remote desktop software to implant malware. The apparently limited impact of the latest incident shows the value of defense-in-depth techniques to limit the effect of intrusions.
