AnyDesk changes passwords and revokes certificates following attack.

Late Friday, AnyDesk announced that hackers had breached its production systems, an incident that kept the company locked down for over a week.

Millions of IT professionals use AnyDesk to rapidly and remotely access clients’ devices for technical support. On its website, AnyDesk boasts over 170,000 clients, including Comcast, LG, Samsung, and Thales.

Threat actors and ransomware groups have long used the program to access victims’ computers and data. In January, CISA reported that hackers had compromised government agencies using legitimate remote desktop software like AnyDesk.

The potential compromise came to light last Monday when AnyDesk changed its code-signing certificates, which are used to detect tampering with the company's software. After a days-long outage, AnyDesk said late Friday that it had “found evidence of compromised production systems.”

AnyDesk said that, as part of its incident response, it had revoked all security-related certificates, repaired or replaced systems, and invalidated all credentials for its customer web portal.

On Friday, the company said, “We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.”

AnyDesk stated that the intrusion was not ransomware but did not specify the nature of the attack.

Eltrys emailed AnyDesk representative Matthew Caldwell, who did not respond. CrowdStrike, which is helping AnyDesk remediate the intrusion, declined to comment on Monday.

AnyDesk would not answer questions about whether client data was accessed, but it stated there is “no evidence that any end-user systems have been affected.”

“We can confirm that the situation is under control and it is safe to use AnyDesk,” it added. “Please use the latest version with the new code signing certificate.”

AnyDesk has been criticized for its response to the breach. The four days of downtime beginning January 29, when AnyDesk barred customers from logging in, were initially described as “maintenance.” German blogger Günter Born was the first to report it. In an X post, seasoned incident responder Jake Williams accused AnyDesk of a “PR move” for announcing the hack to consumers before the weekend.

Security researchers say hackers are selling access to AnyDesk accounts purportedly affected by the attack on known cybercrime forums, although they believe the stolen account data comes from earlier password-stealing malware infections.
