TeamViewer was the target of a cyberattack campaign in 2016

The developers of TeamViewer, the widely used remote desktop software, recently confirmed that the company was the victim of a cyberattack in 2016, according to web application security testing specialists.

A company representative stated that, following an investigation, the company concluded that the cyberattack was carried out by a group of government-sponsored Chinese threat actors. “TeamViewer was the target of a cyberattack in the autumn of 2016; the anomalous activity was detected in time, so the hackers did not manage to do considerable damage,” the spokesman said.

Although the company did not disclose the incident in 2016, web application security testing firms and members of the cybersecurity community claim that there is no evidence to confirm a data breach or theft of the company’s confidential source code.

This does not mean that the company’s networks were safe, however; web application security testing specialists report that the attackers had infiltrated TeamViewer systems since 2014, achieving a persistence of up to two years. In addition, experts report that the attackers used a backdoor trojan known as Winnti, commonly linked to Chinese government-sponsored hacker groups.

According to experts from the International Institute of Cyber Security (IICS), this backdoor is gradually becoming more popular among the cybercrime community, so it is likely that its developers have sold it to or shared it with other threat groups. This makes it difficult to say with certainty who is behind the attack on TeamViewer.

Although nothing is certain, the researchers say that, based on the attack’s mode of operation, it is likely connected to the malicious hacker groups known as APT 10 and APT 17, both linked to the Chinese government and specialized in attacks against supply chains and cloud deployments.

Just a few months ago, TeamViewer caught the attention of cyber-security specialists, but not for the right reasons; versions of the software have often been used to exploit vulnerabilities or inject malware into a system to take control of the compromised computers.