[German]A short warning to IT supporters who use the AnyDesk remote maintenance software for remote support. A few days ago, I reported some issues with this product (see my German blog post Störung bei AnyDesk, jemand betroffen?). AnyDesk web site has been on maintenance since January 30, 2024. Now vague information is trickling in, that there has been a cyber incident – although there is an information lock, so I can't get any details. Addendum: The hack is confirmed.
Advertising
The information I got so far is that there is a problem with AnyDesk. A cyber incident has been occurred – but no details are available from my sources. There is a recommendation from one source (which is currently rather nebulous) to look very carefully where AnyDesk is used (never in critical infrastructure environments).
Combining numerous vague fragments of information I got from several sources – and some concrete observations from the readership – I have an idea of what might have happened. The official change log of AnyDesk client version 8.0.8, dated January 29, 2024, says "Exchanged code signing certificate. The previous certificate will be invalidated soon. Please update." I know also, that there is a confidential warning from German cyber security watch guard (BSI) – but I was not able to get the details.
As a precautionary measure, I would not use use AnyDesk anymore until the details have been clarified and to keep a very close eye on systems in which the product was used in January 2024 (and scan them for malware if necessary). I hope, I can report a few more details within the next days.
Addendum: It's now official confirmed by AnyDesk, that they have been compromised. I've covered the first part of the story at AnyDesk confirmed, they have been hacked in January 2024, Production systems affected. I still plan a 2nd article with more information I received for several sources.
Articles:
AnyDesk confirmed, they have been hacked in January 2024, Production systems affected – Part 1
AnyDesk hack undercover – more information and thoughts – Part 2
AnyDesk hack undercover – Suspicious cases and more – Part 3
AnyDesk hack undercover – Access data offered for sale – Part 4
Advertising
Similar article:
Störung bei AnyDesk, jemand betroffen?
AnyDesk: Be careful in using that remote support software
Advertising
Thanks for spreading the word – AnyDesk is still mum.
Your title and H1 tags have a typo at the moment: "AndDesk" instead of "AnyDesk".
AnyDesk confirmed the hack
AnyDesk confirmed today that it suffered a recent cyberattack