On June 27, TeamViewer issued a statement stating that it had detected an irregularity in its internal corporate environment. The statement emphasized that the internal corporate environment is completely independent from its product environment.
An update issued on June 28 stated that current findings pointed to an attack tied to the credentials of a standard employee account within our Corporate IT environment.
Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard. Based on current findings of the investigation, the attack was contained within the Corporate IT environment and there is no evidence that the threat actor gained access to our product environment or customer data.
TeamViewer’s most recent update states that continued investigation strengthens their assessment that the attack was confined to their internal corporate network.
Any additional updates can be found on their site at TeamViewer Trust Center.
APT29 is sometimes referred to as Cozy Bear or Fancy Bear.