{"id":33092,"date":"2024-02-08T00:20:03","date_gmt":"2024-02-07T23:20:03","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=33092"},"modified":"2024-02-20T11:18:58","modified_gmt":"2024-02-20T10:18:58","slug":"anydesk-hack-already-noticed-on-december-20-2023-part-9","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/02\/08\/anydesk-hack-already-noticed-on-december-20-2023-part-9\/","title":{"rendered":"AnyDesk hack already noticed on December 20, 2023? – Part 9"},"content":{"rendered":"

\"Sicherheit[German<\/a>]The successful cyberattack on AnyDesk, a provider of remote maintenance software, is making quite a stir. Officially, the incident was confirmed by AnyDesk on February 2, 2024 (specifically Friday evening at 10:44 pm). Almost nothing is known – neither when, nor what exactly was hacked. I've been working on this topic since January 2024 and an overall picture is emerging from many bits and pieces of information. I now have various sources that indicate that the hack was noticed as early as December 20, 2023. Addendum:<\/strong> AnyDesk has confirmed my suspicions, see my text below.<\/p>\n

<\/p>\n

No details from AnyDesk<\/h2>\n

\"\"As mentioned above and in my posts at the end of the article, a cyber incident at AnyDesk that affected the production systems has been confirmed since February 2, 2024. I received the press release (Friday night) at 22:44. I have again pulled out the screenshot of the statement<\/a>:<\/p>\n

\"AnyDesk-Meldung<\/a><\/p>\n

The announcement says next to nothing. In the article AnyDesk confirmed, they have been hacked in January 2024, Production systems affected<\/a> \u2013 Part 1 I had compiled some more information that I had. But nothing is known for sure, was my conclusion.<\/p>\n

On February 5, an update of AnyDesk was published (see AnyDesk hack – more details (FAQ from Feb. 5, 2024)<\/a> – Part 8), which links to an FAQ from AnyDesk<\/a>. I had extracted some insights from the FAQ in my linked article.<\/p>\n

The company could have com forward and provided more details. Unfortunately, the FAQ again leaves the essential questions (when was what hacked) in connection with the incident unanswered.<\/p>\n

When was the compromise noticed?<\/h2>\n

What is striking about the entire story regarding the official announcements by the provider AnyDesk is that there is only ever a minimal admission of what is absolutely necessary. \"Yes, we were hacked\" – \"we immediately took countermeasures\" – \"everything is fine again, users can safely use AnyDesk again\".<\/p>\n

This may all be true – but there is a lack of transparency. To this day, we do not officially know when the attack took place, what exactly was compromised and whether private keys and source code were extracted. There are rumors that keys and source code may have been extracted – but this has not been officially confirmed or denied.<\/p>\n

In the post AnyDesk hack – more details (FAQ from Feb. 5, 2024)<\/a> – Part 8, I tried to derive certain findings from the FAQ and explained what was compromised (probably Proyx servers, which was admitted). And even this announcement is open to interpretation and misunderstanding, as the discussion on the post shows.<\/p>\n

In the blog post, I also extracted the information from the AnyDesk FAQ, which states that the attack was noticed in mid-January 2024. But there is a suspicion that says an attack was noticed as early as December 20, 2023. My gut feeling told me, based on a reader observation, that something could have already been going on at the end of 2023 for a week now.<\/p>\n

The French ANSSI report<\/h3>\n

Yesterday I came across a warning from the French security authority ANSSI (they are the equivalent of the German BSI or US CISA) as part of the preparation of the article AnyDesk hack – more details (FAQ from Feb. 5, 2024)<\/a> – Part 8. In a message<\/a> dated February 5, 2024, the French CERT refers to information from German BSI dated January 29, 2024. The publicly accessible message states that the BSI had been notified of a cyber incident at AnyDesk. The following statements in the ANSSI warning are noteworthy:<\/p>\n