According to the FireEye report:
“APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage operations in what appears to be activity that falls outside the scope of state-sponsored missions. Based on early observed activity, consistent behavior, and APT41’s unusual focus on the video game industry, we believe the group’s cyber crime activities are most likely motivated by personal financial gain or hobbyist interests.”
https://content.fireeye.com/apt-41/rpt-apt41/
But later TeamViewer clarified:
TeamViewer is safe to use. In a statement, FireEye has made clear that they are not implying a compromise of TeamViewer or a previously undisclosed incident. This clarification corresponds to the assessment of leading external security experts.
https://community.teamviewer.com/t5/Announcements/FireEye-clarification-regarding-misleading-Social-Media-post/m-p/73804#M319
First response (just in case, if you think you are under attack):
- If you have an NG Firewall, configure a Layer 7 policy (application policy) to identify the TeamViewer application flow and block it. (* use this L7 block only for the time necessary for the mitigation of this cybersecurity event)
- If you have an older firewall, block these IPs: (* use this L3 block only for the time necessary for the mitigation of this cybersecurity event)
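As an added example that is not part of the original post, the shell function below turns an IP blocklist file into an nftables ruleset whose set has a per-element timeout, so the L3 block expires on its own instead of being forgotten once the event is over. It assumes nftables is available on the enforcing host and the ruleset is applied separately with `nft -f`; the addresses are constructed RFC 5737 placeholders, not the post's IoCs.

```shell
#!/bin/sh
# Added example: generate a temporary outbound IP block for nftables.
# Assumptions: nftables >= 0.9 on the host that applies the file; the
# blocklist is one IPv4 address per line, '#' comments and blanks allowed.
# The set uses "flags timeout" plus a default timeout, so every element is
# removed by the kernel when the TTL elapses (the post's "only for the time
# necessary" caveat, enforced rather than remembered).

build_blocklist_ruleset() {
    # $1 = blocklist file, $2 = time-to-live per address (nft syntax, e.g. 48h)
    _ips=$(grep -Ev '^[[:space:]]*(#|$)' "$1" | paste -sd, - | sed 's/,/, /g')
    cat <<EOF
table inet ir_tv_block {
    set blocked_v4 {
        type ipv4_addr
        flags timeout
        timeout $2
        elements = { $_ips }
    }
    chain output {
        type filter hook output priority 0; policy accept;
        ip daddr @blocked_v4 counter log prefix "ir-tv-block " drop
    }
}
EOF
}

# Constructed sample input (RFC 5737 documentation addresses, not real IoCs).
TV_LIST="${TMPDIR:-/tmp}/tv_block_ips.txt"
TV_RULES="${TMPDIR:-/tmp}/tv_block.nft"
printf '%s\n' '# constructed placeholders' '192.0.2.10' '198.51.100.7' '' '203.0.113.42' > "$TV_LIST"

# Build the ruleset; review it, then apply on the firewall host with: nft -f "$TV_RULES"
build_blocklist_ruleset "$TV_LIST" 48h > "$TV_RULES"
```

Log lines carry the `ir-tv-block` prefix, which gives you a simple hook for checking whether anything inside the network was still talking to the blocked addresses during the window.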
Mitigation:
- Download and install the latest version of TeamViewer, only from a secure source.
- Change user passwords!
- Check for abnormal behavior.
- Check for a data breach!
I hope it helps you!
.glitchlist crew