TeamViewer SE, the developer of a widely-used application for remotely accessing computers, has experienced a network breach.

The company disclosed the incident on Thursday. In a follow-up update published today, TeamViewer attributed the cyberattack to APT29, a Russian state-backed hacking group. The group was responsible for the 2020 hacking campaign that targeted SolarWinds Corp. customers through malicious software updates.

Germany-based TeamViewer provides a popular remote access platform of the same name. The software allows technical support professionals to remotely log into a user’s computer and carry out troubleshooting. TeamViewer includes a file sharing feature, as well as a sketching tool for pointing out items of interest on the screen of the user receiving support.

TeamViewer also sells a specialized version of its platform called TeamViewer Assist AR. Using the software, technicians carrying out equipment maintenance at locations such as factories can share technical data with remote colleagues and request guidance. TeamViewer says that its products have more than 640,000 customers including Coca-Cola Co., DHL Group and other large enterprises.

According to BleepingComputer, word of the breach first emerged earlier this week when a Telegram user shared an alert from the Dutch Digital Trust Center. This is an online portal that organizations in the Netherlands use to share data about hacker activity. TeamViewer later confirmed the incident in a blog post.

The company says that its cybersecurity team first detected the breach on Wednesday. The hackers gained access using the “credentials of a standard employee account,” it detailed in the post. “We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures.”

The company believes that the hackers only gained access to its “internal corporate IT environment.” This environment is operated separately from the infrastructure that powers TeamViewer’s remote access application. According to the company, its cybersecurity team has so far found no that the hackers accessed its product environment or customer data.

Health-ISAC, an industry group that helps healthcare organizations share information about cyberattacks with one another, issued an alert about the breach to its members. The alert detailed that the group had “received information from a trusted intelligence partner that APT29 is actively exploiting Teamviewer”. Health-ISAC advised member organizations to review system logs for signs of unusual desktop access attempts.

On its website, TeamViewer pledged to provide updates about its breach investigation as new details come to light. 

Image: TeamViewer