January 21, 2025
Kinshasa, DR Congo

AnyDesk, victim of a major cyber-attack: credentials for sale on the dark web

German remote control software giant AnyDesk was recently the target of a major cyber-attack, exposing a vulnerability in its IT system. Despite the immediate measures taken to strengthen security, the situation took a worrying turn when AnyDesk credentials were put up for sale on the dark web.

In an official statement, AnyDesk confirmed the intrusion, stating that the hackers compromised production systems, seizing source code and private code signing keys. Although the company insists that this is not a ransomware attack, it has not disclosed details of the hackers' modus operandi or the specific information compromised.

Among the 170,000 customers affected are renowned companies such as Samsung, Nvidia, Siemens and Thales. As soon as the attack was discovered, AnyDesk worked with cybersecurity experts to draw up a remediation plan.

AnyDesk has reviewed all its security certificates, initiated the replacement of old code signing certificates and taken preventive measures such as revoking all web portal passwords. However, researchers at cybersecurity firm Resecurity have identified a more serious threat.

On 4 February, Resecurity revealed that hackers were selling between 18,000 and 30,000 AnyDesk credentials on the dark web. These credentials were harvested by infostealer malware, which extracts data before passing it on to the hackers. One of the hackers, calling himself "Jobaaaaa", put more than 18,000 credentials up for sale on a Russian-speaking forum on the dark web, asking $15,000 in Bitcoin or Monero.

Resecurity researchers have also identified a threat linked to unauthorised access dating back to 3 February, after the security flaw was revealed. This raises concerns about the potential consequences of the breach, with risks of fraudulent transactions, data theft, identity theft and even future ransomware attacks.

This attack highlights the vulnerability of remote control solutions, a trend already identified by cybersecurity experts. Companies using software of this type must remain particularly vigilant in the face of persistent threats, and strengthen their security protocols.
