Chinese cyberspies breached TeamViewer in 2016


Chinese state-sponsored hackers breached German software maker TeamViewer in 2016, the company revealed today to ZDNet following a report by German newspaper Der Spiegel.

“In autumn 2016, TeamViewer was the target of a cyber-attack,” a TeamViewer spokesperson said via email. “Our systems detected the suspicious activities in time to prevent any major damage.”

The TeamViewer spokesperson told ZDNet that an investigation was conducted at the time, but did not find any evidence of abuse.

“An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack and with all available means of IT forensics found no evidence that customer data or other sensitive information had been stolen, that customer computer systems had been infected or that the TeamViewer source code had been manipulated, stolen or misused in any other way,” the company said in an email.

The company’s statement contradicts what Der Spiegel reported, with the German newspaper claiming Chinese hackers had been present inside TeamViewer’s network since 2014.

Hackers deployed Winnti malware

According to Der Spiegel, the hackers who breached TeamViewer’s network had used Winnti, a backdoor trojan historically known to be in the arsenal of Beijing state hackers.

The malware was first seen in 2009, and was initially used by only one group of Chinese hackers, which security researchers also started referring to as the Winnti group.

However, this changed in recent years when security researchers began to see the Winnti malware in attacks linked to multiple other Chinese-linked threat actors, according to reports from ProtectWise 401 TRG and Chronicle.

“The underlying hypothesis is that the malware itself may be shared (or sold) across a small group of actors,” the Chronicle team said in a report published earlier this week.

This makes it impossible, at least for now, to know which of the many Chinese state-sponsored hacking groups was responsible for the TeamViewer intrusion.

However, there are two Chinese hacking groups that fit this attack pattern, and they are APT 10 (a group focused on hacking cloud-based service providers) and APT17 (a group focused on supply-chain attacks).

TeamViewer is one of the world’s largest providers of remote control and desktop sharing software. Its services are used by millions of users and large companies. Hackers have always targeted TeamViewer because of the access the company’s service can provide in the case of a successful breach. When they don’t target the company directly, hackers also often brute-force their way into users’ accounts. Months before the successful Winnti hack in the fall of 2016, TeamViewer had faced a wave of user account hijacks, which many customers reported as originating from Chinese IP addresses.

TeamViewer is not the only German company that has been hacked and infected with the Winnti malware over the past three years.

German steel producer ThyssenKrupp disclosed a similar incident in 2016, and pharmaceutical giant Bayer just admitted last month to a 2018 hack during which the Winnti malware was also deployed.
