TeamViewer, the company behind widely used remote access tools, has confirmed an ongoing cyberattack on its corporate network. In a statement on Friday, the company attributed the breach to government-backed hackers from Russian intelligence, specifically APT29 (also known as Midnight Blizzard).

 

The Germany-based company reported that the initial intrusion occurred on June 26, using credentials from a standard employee account within its corporate IT environment.

 

TeamViewer assured that the cyberattack was “contained” to its corporate network and emphasized that its internal network is kept separate from customer systems. The company stated that there is “no evidence that the threat actor gained access to our product environment or customer data.”

 

Martina Dier, a spokesperson for TeamViewer, declined to answer questions from TechCrunch regarding the company’s ability to determine whether any data was accessed or exfiltrated from its network.

 

TeamViewer is a popular provider of remote access tools, serving corporate customers like DHL and Coca-Cola. The company claims to have over 600,000 paying customers and facilitates remote access to more than 2.5 billion devices globally. However, TeamViewer is also known to be exploited by malicious hackers for remotely planting malware on victims’ devices.

 

APT29, linked to Russia’s foreign intelligence service (SVR), is known for persistent and well-resourced espionage campaigns. The group employs simple but effective hacking techniques, such as stealing passwords, to conduct long-term stealthy operations that focus on obtaining sensitive data.


Recently, APT29 has targeted other tech companies, including Microsoft. Earlier this year, the same group compromised Microsoft’s corporate network, stealing emails from top executives to learn about the hackers themselves. Microsoft reported that other tech companies were also affected during this Russian espionage campaign, and the U.S. cybersecurity agency CISA confirmed that federal government emails hosted on Microsoft’s cloud were stolen.


Months later, Microsoft revealed difficulties in expelling the hackers from its systems, describing the campaign as a “sustained, significant commitment” of Russian government resources, coordination, and focus.


The U.S. government also held APT29 responsible for the 2019-2020 espionage campaign targeting U.S. software firm SolarWinds. This cyberattack involved planting a hidden malicious backdoor in SolarWinds’ flagship software, allowing Russian hackers access to networks running the compromised software, including the Treasury, Justice Department, and the Department of State.