AnyDesk, the provider of remote desktop software, has officially confirmed that its production systems were compromised in a cyber-attack. Adversaries infiltrated AnyDesk’s systems, stole source code and private code signing keys, and gained entry into the company’s production systems. AnyDesk made this disclosure on February 2nd 2024.
In response to the breach, AnyDesk promptly initiated a remediation and response plan, enlisting cybersecurity professionals from CrowdStrike. According to AnyDesk’s public announcement, the remediation plan was executed successfully. The company revoked all security-related certificates and web portal passwords as part of maintenance, and asserted that the threat actor had been ousted from its network.
Notably, the hack was not associated with ransomware, and AnyDesk uncovered no indications of any impact on end-user devices. Two days following the public statement by AnyDesk, on February 4th 2024, cybersecurity firm Resecurity disclosed that multiple threat actors were peddling compromised AnyDesk login credentials on both the clear and dark web.
Resecurity’s Hunter team, in a report, identified one such threat actor using the alias ‘Jobaaaaa,’ who had registered their forum account in 2021. This actor had listed over 18,000 AnyDesk customer credentials for sale on Exploit[.]in, a prominent Dark Web forum. Despite this, according to SOS Intelligence, the new breach is likely unrelated to the preceding cyber-attack.
Blogger at www.systemtek.co.uk