AnyDesk Says Hackers breached its production servers, reset passwords.

Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company’s production systems in a cyberattack.

The company in a statement Friday said it had worked with cybersecurity experts from CrowdStrike to remediate the incident and notify authorities.

AnyDesk said the incident did not involve ransomware. “We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” the company said.

AnyDesk hacked

It was reported that source code and private code signing keys had been stolen during the cyber incident. But AnyDesk said that its systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end-user devices.

As a precaution, AnyDesk is revoking all passwords to its web portal, my.anydesk.com, and advising users to change their password anywhere else they may have reused it, according to the statement.

The Stuttgart, Germany-based company provides remote desktop software that enables users to access and control a computer or device from another location. It is commonly used for remote assistance, collaboration and accessing files or applications on a different machine.

Cybercriminals often target remote desktop applications to take over computers and potentially empty bank accounts, steal data or perform other malicious tasks remotely.

“To date, we have no evidence that any end-user devices have been affected. We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate,” the company said.

AnyDesk boasts a diverse customer base of 170,000 organizations, including 7-Eleven, Comcast, LG Electronics, Samsung Electronics, Spidercam, MIT, Nvidia, Siemens, the United Nations and Thales.

Last week, Günter Born, who writes the blog BornCity, sent an alert to all IT admins who use the remote maintenance software for remote support, warning that the service had been undergoing maintenance since Jan. 30, 2024.

This news came a day after internet infrastructure provider Cloudflare had said that a nation-state hacker used an access token and three service account credentials stolen from Okta in September to access a self-hosted Atlassian server used by Cloudflare.

The company said it had “failed to rotate” the credentials after Okta disclosed the attack in October.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.