Security Advisory: AnyDesk reports that hackers infiltrated its production servers and initiated password resets

RGSA 02-10-2024-01

Date: February 10, 2024

 

INTRODUCTION

On February 2, 2024, AnyDesk confirmed a recent cyberattack that resulted in hackers gaining access to the company’s production systems. The breach involved the theft of source code and private code signing keys.

AnyDesk is a widely used remote access solution that is popular among enterprises for remote support and accessing colocated servers. AnyDesk became aware of the attack after detecting an incident on its production servers. Following a security audit, the company identified a compromise of its systems and implemented a response plan in collaboration with CrowdStrike.

Following the disclosure of the breach, cybersecurity company Resecurity promptly announced that an individual was attempting to sell the credentials of over 18,000 AnyDesk customers on a well-known cybercrime forum. The seller was seeking $15,000 in cryptocurrency for the compromised credentials.


IMPLICATIONS AND RECOMMENDATIONS

Although AnyDesk claims that passwords were not stolen in the attack, the threat actors still managed to successfully breach their production systems.

  1. If you use AnyDesk, change your password.
  2. If you use your AnyDesk password on other platforms, change your password on those platforms as well.

HOW RICHTER GUARDIAN CAN HELP YOU

  1. Our platform includes dark web monitoring – a service that can determine whether compromised credentials have been found on the dark web.
  2. If you are unsure, call us at +1 844-908-3950 or send us an email at support@richterguardian.com. If you receive a call from someone purporting to be technical support, or a pop-up regarding the safety of your device, and you are unsure, call us to help you determine the legitimacy of the communication.