THREAT ALERT

AnyDesk Threat Alert

Monday, February 5th, 2024

VIEW ALL THREAT ALERTS

DefenseStorm

DefenseStorm is aware of an incident involving  AnyDesk and the compromise of some of their production systems.  The incident was reported by AnyDesk on 2/2/2024.  We have not been able to locate any usable technical details or IOCs at this time.  AnyDesk is a widely used remote desktop software that allows users to access and control computers from anywhere in the world.

DefenseStorm is aware of an incident involving AnyDesk and the compromise of some of their production systems.  The incident was reported by AnyDesk on 2/2/2024.  We have not been able to locate any usable technical details or IOCs at this time.  AnyDesk is a widely used remote desktop software that allows users to access and control computers from anywhere in the world.

Please see the notification below directly from AnyDesk regarding this incident.

Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully. The relevant authorities have been notified, and we are working closely with them. This incident is not related to ransomware.

We have revoked all security-related certificates, and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.

Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere.

To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate.

The integrity and trust in our products are of paramount importance to us, and we are taking this situation very seriously.

If you have any further questions, please do not hesitate to contact us.

You can reach us by email at [hotline@anydesk.com] or by phone at +1 727 349 4750

As always ,DefenseStorm recommends staying up to date on patching and the latest vulnerabilities.  It is also recommended that if you use AnyDesk in your environment or organization, you may want to bookmark the AnyDesk press website to stay informed on any new updates regarding the incident.

References:

hxxps://anydesk[.]com/en/public-statement

James Bruhl

James Bruhl

Director of Cyber Threat Intelligence

James Bruhl is the Director of Cyber Threat Intelligence for DefenseStorm. He joined the company with 15 years of experience as a law enforcement officer, bringing extensive experience in crime prevention, evidence collection, investigative techniques, and crisis management. Driven by a passion for technological advancements and the ever-evolving landscape of digital threats, he transitioned to the field of digital forensics, incident response, and cybersecurity. In his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures specializing in forensic examinations on various devices to uncover critical information and support investigations. James began at DefenseStorm as a security engineer in 2020 and developed DefenseStorm’s EDR Service. He was then appointed as Director of Cyber Threat Intelligence in 2022 and is responsible for nearly all facets of the EDR service. During his cyber career, James has been instrumental in proactively detecting and responding to cyber incidents and plays a vital role in incident response teams, coordination efforts to mitigate the impact of breaches, vulnerability identification, and strategy implementation to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity. James holds a bachelor’s in criminal justice from the University of North Georgia and a GCFE certification.