AnyDesk Pwned…. Which Is Kind Of Ironic If You Ask Me
First let me get to the top level item. Remote access software provider AnyDesk has put out a statement that said the following:
Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully. The relevant authorities have been notified and we are working closely with them. This incident is not related to ransomware.
We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.
Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.
To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate.
Well, this is not trivial. It seems like the threat actor was trying to pull off some sort of supply chain attack where the threat actor pwns AnyDesk to pwn AnyDesk customers. At this point it looks like they got stopped before any real damage was done. But we’ll have to see if that’s true in the coming days, weeks, and months, as companies who are downstream victims of a supply chain attack will often find out that they got pwned much later. Having said that, if you use AnyDesk, it might be worth your while to bring in an expert now to make sure you haven’t got pwned in any way.
What’s ironic about this is the fact that AnyDesk for many years has been the tool of choice for threat actors in general, but more specifically scammers who are often based in India, to get and maintain persistent access to victims’ computers. Now to be fair to AnyDesk, they have been trying to fight back against this with the help of some well-known scam baiters. But for them to get pwned is a bit ironic.
This entry was posted on February 5, 2024 at 9:26 am and is filed under Commentary with tags AnyDesk, Hacked.