Pointed out that cyber attack group can access the system using PC remote operation software `` TeamViewer '', Chinese security company denies
It turned out that the remote desktop software “ TeamViewer ” for remote control of PC was used by a Chinese cyber attack group called “ APT41 ”. However, according to the Chinese security research institute, TeamViewer itself has never been hacked and has only been used several times.
[Report] Double Dragon: APT41, a Dual Espionage and Cyber Crime Operation
APT41 is a Chinese cyber attack group operating in 15 countries and regions including Japan. It has been confirmed that activities for financial purposes have been confirmed since 2012, and since then intellectual property has been stolen for the benefit of China.
A lecture on APT41 was held at
In the lecture, various attack history of APT41 was shown.
APT41 LOVES software supply chain compromise including— Christopher Glyer (@cglyer) October 10, 2019
CCleaner, Netsarang, league of legends, fifa online 3 ... etc
Out of these CCleaner likely enabled them access to virtually any org in the world #FireEyeSummit pic.twitter.com/DKPV98Syp8
One example of this was malware contamination of the PC optimization tool “CCleaner” that occurred in 2017.
A malware attack route for targeted attacks using the PC optimization tool `` CCleaner '' as a springboard-GIGAZINE
The story reveals that APR41 “takes over” the TeamViewer development company and is able to access the TeamViewer installed system. Multiple intrusions have been confirmed from 2017 to 2018, suggesting that a significant number of terminals are at risk.
However, the laboratories under the umbrella of China's Internet security company, Beijing Huashun Xin'an Technology Co., Ltd., White Hat Clan Safety Research Institute refute this.
TeamViewer Pseudo-Intrusion Incident Analysis | NOSEC Safe Life Platform-Shirakaba Safety Research Institute
According to the blog of Shirakaba Akira Safety Research Institute, the presentation document shows that TeamViewer played the role of an intrusion point and was used several times in cyber attacks, but it was shown that TeamViewer itself was hacked It is not.