Supply Chain: AnyDesk Customers Affected By Credentials Breach

Uploaded on 2024-02-07 in TECHNOLOGY--Hackers, FREE TO VIEW

Remote desktop software maker AnyDesk has disclosed that it suffered a cyber attack first detected on on Friday 2nd February that has caused problems with its production systems.

As a consequence, AnyDesk is revoking certificates and passwords which may affect as many as 170k customers, including major business es like Amedes, AutoForm Engineering, LG Electronics, Samsung Electronics, Spidercam, and Thales.

The German based company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced where necessary," the company said in a statement.

The AnyDesk credentials seem to have been obtained with the aid of information-stealer malware that had compromised AnyDesk users’ systems. "We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one." the company said.

AnyDesk did not disclose when and how its production systems were breached. It's currently not known if any information was stolen following the hack. However, it emphasised there is no evidence that any end-user systems have been affected.

Meanwhile, researchers at endpoint protection specialist Resecurity have found two threat actors, one of whom goes by the online alias "Jobaaaaa," advertising a "significant number of AnyDesk customer credentials for sale at Exploit[.]in," noting it could be used for "technical support scams and mailing (phishing)." The threat actor has been found offering 18,317 accounts for $15,000 in crypto currency, in addition to agreeing to a deal via escrow on the cyber crime forum. There is no evidence that sale of credentials is related to the AnyDesk breach,

While exactly how these credentials were obtained, cyber criminals will be moving fast to exploit the exposed login details before passwords are reset.

These events follow only a a day after leading Internet security firm Cloudflare said that it was hacked by a suspected nation-state attacker using stolen credentials to gain unauthorised access to its Atlassian server and ultimately access documentation and a limited amount of source code.

AnyDesk: AnyDesk: @anydesk: Resecurity: Born City: Cloudflare: Security Week:

Hacker News: TechTarget: YCombninator:

You Might Also Read:

BEC Attacks: Trends & Predictions For 2024:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.