TLDR:

• Remote desktop software maker, AnyDesk, has experienced a security breach where hackers were able to access source code and private code signing keys.
• The company responded to the breach by revoking all security-related certificates and passwords, and plans to issue a new code signing certificate.
• AnyDesk is urging users to change their passwords and download the latest version of the software.

AnyDesk Urges Password Change Amid Security Breach

AnyDesk, a remote desktop software maker, has reportedly become a victim of a cyberattack that compromised its production systems, allegedly allowing hackers to access source code and private code signing keys. The company experienced a four-day outage from January 29th to February 1st, affecting users’ ability to log in to the AnyDesk client.

The attack was discovered after signs of intrusion were detected on AnyDesk’s product servers. The company activated a response plan in collaboration with cybersecurity firm CrowdStrike. While reports suggest that the attackers stole source code and code signing certificates, AnyDesk has not confirmed this. However, they have confirmed that the incident was not a ransomware attack.

In response to the breach, AnyDesk revoked all security-related certificates and systems, replacing or remediating its systems. The company also revoked all passwords for its web portal as a precautionary measure and notified relevant authorities. AnyDesk assured users that their end-user systems were not affected and that their security tokens and passwords were not stored in their systems. However, they recommended that users change their passwords if the same credentials are used elsewhere.

AnyDesk is a popular remote access solution for enterprise users, with over 170,000 customers, including high-profile firms like Amedes, AutoForm Engineering, LG Electronics, Comcast, NVIDIA, 7-Eleven, Siemens, MIT, Samsung Electronics, Spidercam, Thales, and the United Nations. Its wide reach and remote accessibility make it a target for threat actors looking to gain persistent access to breached devices and networks.