TeamViewer reportedly hit by Chinese hackers in 2016

News by Robert Abel

News reports say Chinese hackers were able to infiltrate its networks in 2014, while the company claims that the attack took place two years later

TeamViewer announced it was the victim of a cyber-attack that took place in 2016, although some sources claim that hackers were in the firm’s network as early as 2014.

The data breach was reportedly the result of threat actors exploiting the recently patched Winnti backdoor trojan, malware first seen in use by a group of Chinese hackers that has since been referred to as the Winnti group.

"In Autumn 2016, TeamViewer was the target of a cyber-attack," a TeamViewer spokesperson told SC Media via email. "Our systems detected the suspicious activities in time to prevent any major damage."

The company went on to say that both internal and external investigators found that the firm’s information was not accessed or manipulated in any way and that the company had successfully fended off the attack. In addition, the company conducted a comprehensive audit of its IT security architecture to further strengthen it.

The German newspaper Der Spiegel claimed the Chinese hackers were able to infiltrate TeamViewer’s networks back in 2014, in contradiction to TeamViewer’s claims that the attack took place in 2016.

TeamViewer told the publication that the cyberattack was identified on time and that there was no evidence that customer data or source code was compromised despite the threat actor’s access.

In July 2016, TeamViewer users took to Reddit and other platforms to report that their accounts had been compromised as services went offline with server issues. At the time, TeamViewer denied the claims and said it was experiencing service problems as a result of server issues.

Users claimed that both PayPal and bank accounts had been hacked but TeamViewer denied that they were related to the company’s server issues.

Nathan Wenzler, senior director of Cybersecurity at Moss Adams, said the attack fits the pattern of what we have seen from most of the Chinese nation-state sponsored hacking groups.  

"It’s common to see APTs like this stay silent after the initial breach for years, waiting until an opportune time presents itself to become active," Wenzler said. "These stealthy behaviours make it much more difficult for defenders to notice abnormal patterns of activity on their networks, making it less likely that they’ll be prepared when the attack is launched."

Wenzler went on to say that this is not just for high-value targets like TeamViewer and that these tactics are used against any network that these groups are able to breach, whether for financial data, personal information, intellectual property, or to compromise other pieces of software so that they can embed their malicious access tools.

This article was originally published on SC Media US.
