Report reveals that Chinese hackers breached popular remote access software TeamViewer in 2016.
What Exactly Happened With The TeamViewer Hack?
TeamViewer is a popular remote access and screen share program, with millions of users worldwide. Recently, the German software company behind TeamViewer confirmed to a German publication that their software was breached by Chinese hackers back in the fall of 2016 using Winnti trojan malware.
Their explanation for not sharing this information sooner despite the large number of customers using TeamViewer for business activities? They caught the hack very early on and were able to deal with the infection before any “major damage” could be done. Both their internal team and outside authorities were unable to find evidence that the hackers managed to steal any customer data or infect any customer computer systems.
It’s also worth mentioning that earlier in 2016, TeamViewer users reported that hackers had exploited a flaw in the TeamViewer software in order to empty out their bank accounts. TeamViewer did address these reports in May 2016, but denied that a hack happened. They stated that neither the company nor the software had been breached, and there was no flaw in the software to be exploited. Instead, the incidents were chalked up to user error and carelessness.
What Is Winnti?
It was determined at the time that the hackers responsible had ties to the Chinese State Intelligence System based on their use of the Winnti trojan. Active since 2010 or possibly earlier, hackers with the Winnti Advanced Persistent Threat (APT) group have initiated several known financial attacks targeting software and gaming organizations. Their focus has primarily been on targets in the United States, Japan, and South Korea.
Their M.O. has been to use supply chain attacks, infecting legitimate servers and software with malicious updates designed to install malware on end-user systems. Once a Winnti infection takes hold, it downloads a backdoor payload that gives hackers access to the compromised system and allows them to control the infected computer remotely without user detection.
This control lets hackers do whatever they want with the infected computer system.
How Can You Avoid Winnti Malware And Similar Infections?
When malware is designed to slip past standard endpoint protections such as antivirus and antimalware software, adding layers to your cybersecurity can shore up your defenses. In addition to upgrading to intrusion detection software and enterprise-level antivirus protection created for business use, partnering with an IT support provider that has security expertise can make a big difference.
Having up-to-date cybersecurity solutions that can keep up with today’s ever-evolving threats, along with eyes on your network 24/7, makes staying a step ahead of headaches like Winnti a less daunting process. These steps also protect you against the financial and reputational damage that goes along with a data breach. In 2019, keeping an issue like the 2016 TeamViewer hack to yourself is not an option, for both ethical and legal reasons – even if there is ‘no harm done’.