TeamViewer under attack

glitchlist Blog Leave a Comment

According to FireEye report:

“APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage operations in what appears to be activity that falls outside the scope of state-sponsored missions.

Based on early observed activity, consistent behavior, and APT41’s unusual focus on the video game industry, we believe the group’s cyber crime activities are most likely motivated by personal financial gain or hobbyist interests.”

https://content.fireeye.com/apt-41/rpt-apt41/

But Later TeamViewer clarify:

TeamViewer is safe to use. In a statement, FireEye has made clear that they are not implying a compromise of TeamViewer or a previously undisclosed incident. This clarification corresponds to the assessment of leading external security experts.

https://community.teamviewer.com/t5/Announcements/FireEye-clarification-regarding-misleading-Social-Media-post/m-p/73804#M319

First Responding: (just in case… if you think you are under attack)

  • If you have NG Firewall configure an Layer 7 Policy (Application policy) to identify the TeamViewer application flow and block it. (* use this L7 block only for the time necessary for the mitigation of this cybersecurity event)
  • If you have an old Firewall block these IPs: (* use this L3 block only for the time necessary for the mitigation of this cybersecurity event)
13.32.255.201
13.32.255.231
13.32.81.24	 		
13.32.81.37	 		
13.32.81.66	 		
13.32.81.76	 		
13.32.83.109	 		
13.32.90.10
37.252.253.5	 	  
92.51.156.68	
3.216.251.45	 		
3.218.135.46	 		
13.32.8.165	 		
13.32.43.14	 		
13.32.43.72	 		
13.32.43.98	 		
13.32.43.121	 		
13.32.70.139	 		
13.32.81.22	 		
13.32.142.126	 		
13.32.142.173	 		
13.32.142.226	 		
13.32.142.245	 		
13.32.90.22	 		
13.32.90.27
13.32.255.150	 		
13.33.23.21	 		
13.33.23.24	 	
13.35.115.5
13.33.23.82	 		
13.33.67.49	 		
13.33.73.118	 		
13.33.96.23	 		
13.33.112.99	 		
13.33.125.203	 		
13.33.131.13	 		
13.33.131.44	 		
13.33.131.57	 		
13.33.169.63	 		
13.33.231.38	 		
13.35.99.31	
13.32.90.44	 		
13.32.90.108	 		
13.32.99.177
13.32.90.11	 
37.252.232.5	 	
92.51.156.70	 	  
92.51.156.72	 	  
92.51.156.92	 	  
217.146.8.4	 	  
217.146.13.3
3.0.207.158	 	
13.32.143.116	 		
13.32.158.34	 		
13.32.158.176	 		
13.32.183.73	 		
13.32.183.166	 		
13.32.255.23	 		
13.32.255.33

Mitigation:

  • Download & Install the latest version of TeamViewer only from a secure source.
  • Change user passwords!
  • Check for abnormal behaviors
  • Check for Data Breach!

I hope it helps you!

.glitchlist crew

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.