In recent news, AnyDesk has officially acknowledged falling victim to a cyber attack resulting in a compromise of its production systems. The company clarified that this incident does not involve ransomware, and relevant authorities have been duly informed. AnyDesk, known for its remote access solution enabling users to access computers over networks or the internet, is widely utilized by enterprises for remote support and accessing colocated servers.
Upon detecting signs of an intrusion into some of its systems, AnyDesk promptly initiated a comprehensive security audit, which revealed evidence of compromised production systems. The company swiftly executed a remediation and response plan in collaboration with cybersecurity experts from CrowdStrike, successfully concluding the remediation efforts. The company assured users that all security-related certificates have been revoked, and systems have been remediated or replaced as needed. The previous code signing certificate for binaries is slated for revocation, with a new one already in the process of implementation.
AnyDesk highlighted that its systems do not store private keys, security tokens, or passwords that could potentially be exploited to connect to end-user devices. As a precautionary measure, all passwords to the web portal, my.anydesk.com, are being revoked, and users are advised to update their credentials if the login information is used elsewhere.
In its statement, AnyDesk said that it has initiated the replacement of stolen code signing certificates and urged its users to ensure they are using the latest version, featuring the new code signing certificate. In the past week only, Günter Born of BornCity had reported that a new certificate is already in use, introduced in AnyDesk version 8.0.8 released on January 29th. The sole listed change in this version is the transition to a new code signing certificate, with plans to revoke the old one soon.
However, two days after AnyDesk’s public announcement, it has been reported that multiple threat actors are actively selling compromised AnyDesk login credentials on both clear and dark web platforms, indicating potential risks for users.
A few days ago, tech giant Microsoft too disclosed a significant cyber attack on its corporate systems, perpetrated by a Russian state-sponsored hacking group known as Midnight Blizzard. This group, previously involved in the sophisticated SolarWinds attack, successfully gained unauthorized access and exploited this foothold to compromise a limited number of Microsoft corporate email accounts.
