TeamViewer, the popular remote access software company, has linked a recent cyberattack on its corporate network to a Russian state-sponsored hacking group.

An updated statement shared with BleepingComputer states that they attribute the attack to Midnight Blizzard (APT29, Nobelium, Cozy Bear).

TeamViewer says they believe their internal corporate network, not their production environment, was breached on Wednesday, June 26, using an employee’s credentials.

Buy Me A Coffee

“Current findings of the investigation point to an attack on Wednesday, June 26, tied to credentials of a standard employee account within our Corporate IT environment,” reads the updated TeamViewer statement.

“Based on continuous security monitoring, our teams identified suspicious behavior of this account and immediately put incident response measures into action. Together with our external incident response support, we currently attribute this activity to the threat actor known as APT29 / Midnight Blizzard.”

While investigations are ongoing, TeamViewer believes the attack originated from APT29, also known as Midnight Blizzard. This group, linked to Russia’s Foreign Intelligence Service (SVR), has a history of cyberespionage targeting government agencies and businesses.

DOJ Seizes ‘Bot Farm’ Operated by the Russian Government