AnyDesk Confirms Systems Hacked, Triggers Password Reset

Remote desktop application provider AnyDesk acknowledged hackers recently gained unauthorized access to the company’s production systems in a cyberattack.

See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government

The company in a statement said Friday it worked with cybersecurity experts from CrowdStrike to remediate the incident and notify authorities.

The company said the incident did not involve ransomware. “We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” the company said.

BleepingComputer reported that source code and private code signing keys were stolen during the cyber incident. But the company said that its systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end-user devices.

As a precaution, the company is revoking all passwords to its web portal, my.anydesk.com, and advising users to change their password anywhere else they may have reused it, according to the statement.

Stuttgart, Germany-based company AnyDesk provides remote desktop software that enables users to access and control a computer or device from another location. It is commonly used for remote assistance, collaboration and accessing files or applications on a different machine.

Cybercriminals often target remote desktop applications to take over computers and potentially empty bank accounts, steal data or perform other malicious tasks remotely.

“To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate,” the company said.

AnyDesk boasts a diverse customer base of 170,000 organizations, including 7-Eleven, Comcast, LG Electronics, Samsung Electronics, Spidercam, MIT, NVIDIA, SIEMENS, the United Nations and Thales.

Last week, Günter Born of BornCity sent an alert to all IT admins who use the remote maintenance software for remote support, warning that the service was experiencing had been undergoing maintenance since Jan. 30, 2024.

This news came a day after, internet infrastructure provider Cloudflare said a nation-state hacker used an access token and three service account credentials stolen from Okta in September to access a self-hosted Atlassian server used by Cloudflare.

The company said it “failed to rotate” the credentials after Okta disclosed the attack in October.