AnyDesk, a widely-used platform for remote access software, fell victim to a ransomware attack, exposing its source code and private code sign keys to hackers. The enterprise software company detected malicious activity within its computer networks on a Friday afternoon and promptly initiated remediation efforts.
Although the identity of the threat actor remains officially undisclosed, AnyDesk staff confirmed the incident as a ransomware attack and pledged to share more details as the investigation unfolds. Reports suggest that the infiltration may have occurred on January 29th of the current year, with identification taking place on February 2nd. In response, the company promptly disabled user login access.
There are suspicions that a state-funded actor, Midnight Blizzard, may be behind the incident, potentially linked to Russian Intelligence.
Meanwhile, content delivery services provider Cloudflare revealed that its corporate computer network had been targeted by cybercriminals around Thanksgiving the previous year. The company disclosed that the attack leveraged stolen passwords obtained during the Okta data breach in October 2023.
Preliminary investigations by security experts from CrowdStrike indicated successful access to the company’s AWS environment and Atlassian Jira and Confluence modules. However, they were unable to breach the Cloudflare dashboard and other instances of Okta’s software.
As a precautionary measure, Cloudflare tested over 5000 systems and replaced 15 in its Sao Paulo Data Center, although experts have not confirmed whether these systems were compromised in the incident.
The primary objective of the cyber attack appears to be straightforward—gather intelligence and share it with interested parties, including state-funded actors and competitors.