anydesk - isotope¹³

Incident Summary

AnyDesk Production Environment Breach (2024)

AnyDesk disclosed a breach of its production systems resulting in the theft of source code and private code-signing certificates. While not a ransomware attack, the stolen certificates were later used by threat actors to sign malware (such as Agent Tesla) as legitimate AnyDesk software.

Date: 2024-01-29 to 2024-02-02
Category: Commercial
Target Surface: Other
Insertion Phase: production
Impact: Data Leak
Cause: System Compromise

What Was Affected

Package anydesk

LanguageC++

ComponentApplication

Artifact typeapplication

Domain typevendor

Domain anydesk.com

Incident Context

Motive: Espionage
Attribution: Third Party
Transitive: No
User Impact: 18000
Observed Duration: 4 days

External References

thehackernews.com/2024/02/anydesk-hit-by-cyber-attack-hackers.html

Source Data

Source record: proprietary/anydesk/meta.yaml