TeamViewer Trust Center

In collaboration with globally leading cyber security experts and relevant government authorities, our security teams continued their diligent investigation of the reported incident. Today’s findings strengthened our assessment that the attack was contained within TeamViewer’s internal corporate IT environment and did not touch the product environment, our connectivity platform, or any customer data. We therefore reconfirm our previous statements.

Given our strong commitment to security, we take the threat very seriously. We will continue our thorough investigation over the next days to enrich the collected evidence further and exhaust all investigative options. We will continue to provide updates in our Trust Center as new information becomes available.

A comprehensive taskforce consisting of TeamViewer’s security team together with globally leading cyber security experts has worked 24/7 on investigating the incident with all means available. We are in constant exchange with additional threat intelligence providers and relevant authorities to inform the investigation.

Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment. Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data.

Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place. This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our ‘defense in-depth’ approach.

Security is of utmost importance for us, it is deeply rooted in our DNA. Therefore, we commit to transparent communication to stakeholders. We will continue to update the status of our investigations in our Trust Center as new information becomes available. We expect to post the next update by end of today CEST.