1 July 2024

TeamViewer hack linked to Russia’s Midnight Blizzard APT


Remote access software company TeamViewer has attributed its recent security breach to a Russian state-sponsored threat actor tracked as Midnight Blizzard, also known as APT29, which is believed to be associated with the Russian Foreign Intelligence Service (SVR).

Last week, TeamViewer revealed it suffered a security breach on 26 June 2024 that affected its corporate IT environment. The firm said it immediately took response measures and that “there is no evidence to suggest that the product environment or customer data is affected.”

According to the company’s update on the incident, “credentials of a standard employee account” within its corporate IT environment were involved in the attack, although TeamViewer didn’t specify exactly how the hackers managed to breach the employee’s account and infiltrate the system.

The intruders leveraged a compromised employee account to copy employee directory data (names, corporate contact information, and encrypted employee passwords) for the company's internal corporate IT environment, TeamViewer said.

“Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place,” the company said. “This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments.”

On a related note, Microsoft said last week that the Midnight Blizzard threat actor accessed more customer emails than previously disclosed in the January 2024 cyberattack, in which the group compromised its internal systems and exfiltrated data from the company’s corporate email systems, including source code repositories.
