AnyDesk users faced days-long login issues as the company investigated the problem in collaboration with cybersecurity firm CrowdStrike.
AnyDesk, a remote desktop software maker, has reportedly become a victim of a cyberattack that compromised its production systems, allegedly allowing hackers to access source code and private code signing keys.
It is worth noting that the company experienced a four-day outage from January 29th to February 1st, 2024, affecting users’ ability to log in to the AnyDesk client.
In its official advisory, Germany-based AnyDesk revealed discovering the attack after detecting signs of intrusion on its product servers. After a security audit, they activated a response plan in collaboration with CrowdStrike.
Media reports suggest that the attackers stole source code and code signing certificates; however, AnyDesk has not confirmed it yet. It has only confirmed that the incident was not a ransomware attack.
AnyDesk responded to the incident by revoking all security-related certificates and remediating or replacing its systems. It also plans to revoke the previous code signing certificate for its binaries and replace it with a new one.
Moreover, the company has revoked all passwords for its web portal (my.anydesk.com) as a precautionary measure. Relevant authorities have been notified of the breach as well.
Although AnyDesk states there is no evidence that any end-user systems were affected, it did not share details on how the production systems were breached, or on whether information was stolen or sessions were hijacked. The company noted that it never stores private keys, security tokens, or passwords, so end-users should not feel threatened by the breach.
“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end-user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere,” AnyDesk’s advisory read.
Nevertheless, AnyDesk is urging users to change their passwords if they are reused on other online services and to download the latest version, AnyDesk 8.0.8, which has a new code signing certificate. This is still surprising, because certificates are invalidated only when they have been compromised.
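For administrators acting on that advice, the following added example (not from AnyDesk or the original article) lists AnyDesk binaries on a Windows host with their version and Authenticode signer, and flags anything older than 8.0.8. The search roots, the `AnyDesk.exe` file name and the optional expected thumbprint are assumptions to adjust for your environment.

```powershell
# Added example: inventory AnyDesk binaries, flag versions older than 8.0.8,
# and show which certificate signed each one.
param(
    # Assumption: directories worth searching; adjust to your estate.
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
                              $env:ProgramData, "$env:SystemDrive\Users"),
    # Assumption: the client binary keeps the name AnyDesk.exe (renamed copies are missed).
    [string]$FileName = 'AnyDesk.exe',
    # Version the article says ships with the new code signing certificate.
    [version]$MinVersion = '8.0.8',
    # Optional: signer thumbprint taken from an 8.0.8 binary you verified yourself.
    [string]$ExpectedThumbprint = ''
)

$SearchRoot | Where-Object { $_ -and (Test-Path $_) } | ForEach-Object {
    Get-ChildItem -Path $_ -Filter $FileName -Recurse -File -ErrorAction SilentlyContinue
} | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate
    # ProductVersion is a free-form string; -as yields $null when it does not parse.
    $ver  = $_.VersionInfo.ProductVersion -as [version]

    [pscustomobject]@{
        Path             = $_.FullName
        Version          = $_.VersionInfo.ProductVersion
        # $null means "could not be determined", which also deserves a manual look.
        Outdated         = if ($ver) { $ver -lt $MinVersion } else { $null }
        SignatureStatus  = $sig.Status
        SignerSubject    = if ($cert) { $cert.Subject } else { $null }
        SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        SignerMatches    = if ($ExpectedThumbprint -and $cert) {
                               $cert.Thumbprint -eq $ExpectedThumbprint
                           } else { $null }
    }
} | Sort-Object Outdated -Descending | Format-List
```

Rows with `Outdated` set to `True`, an unsigned or invalid `SignatureStatus`, or a `SignerMatches` of `False` are the ones to replace with a freshly downloaded 8.0.8 build.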
AnyDesk is a popular remote access solution for enterprise users, with over 170,000 customers including high-profile firms like Amedes, AutoForm Engineering, LG Electronics, Comcast, NVIDIA, 7-Eleven, Siemens, MIT, Samsung Electronics, Spidercam, Thales, and the United Nations.
Unfortunately, its wide reach and remote accessibility make it a popular tool among threat actors for gaining persistent access to breached devices and networks. In July 2021, Hackread reported the seizure of a fake call centre that had been scamming US citizens for seven months, with employees posing as Amazon’s technical support team. The employees extorted Amazon users by claiming their Amazon IDs were hacked and tricked them into paying for fake ID repairs via the AnyDesk app.