German-based remote control and desktop sharing software TeamViewer was compromised in 2016. It is reported that the hackers behind this cyber attack were of Chinese origin and used the Winnti Trojan malware. It was previously found that the activities of this malware were linked to the Chinese state intelligence system.
TeamViewer enjoyed immense popularity in the realm of desktop sharing and remote control. However, software such as TeamViewer is frequently the target of cyber attacks and it is necessary for such software companies to ensure a strict security practice in place.
The Winnti Trojan malware was active since 2010 and the Winniti Advanced Persistent Threat (APT) group had previously launched several financial attacks in the past. Many software and gaming organizations of the US, Japan, and South Korea were victims of this group.
The hacker group primarily uses supply chain attacks whereby it infects legitimate software or servers with updates that install malware on the end user’s system. This way, once a system gets infected, the Winniti then downloads a backdoor payload on the system which lets an attacker remotely access the victim’s system without their knowledge.
In an emailed statment, TeamViewer said:
“An expert team of internal and external cyber security researchers, working together closely with the responsible authorities, successfully fended off the attack and with all available means of IT forensics found no evidence that customer data or other sensitive information had been stolen, that customer computer systems had been infected or that the TeamViewer source code had been manipulated, stolen or misused in any other way.”
However, German newspaper Der Spiegel opposes this statement and has criticized TeamViewer for not disclosing such an intrusion to its users. As most of TeamViewer’s customer base are businesses, that often deal with sharing sensitive data, it becomes TeamViewer’s responsibility to keep its users up-to-date with any such security breaches.
TeamViewer said that it discovered the vulnerability on time and fixed it before there was any potential loss, theft or damage to the users. They also said that a thorough inspection revealed that no systems were compromised and no user data was stolen as a result of this attack.
“Like many technology leaders, TeamViewer is frequently confronted with attacks by cybercriminals. For this reason, we continuously invest in the advancement of our IT security and cooperate closely with globally renowned institutions in this field,” said TeamViewer said in a followup statement.
TeamViewer further said that this breach by the Chinese attackers wasn’t related to the other cyber attack that took place in the month of May in 2016.