Cyber Incident Victim: AnyDesk
Date: Feb 2024
Location: Germany
Summary
AnyDesk experienced unauthorized access to its production systems, prompting activation of emergency response protocols with assistance from cybersecurity firm CrowdStrike. The company revoked all security-related certificates, replaced compromised systems, and initiated replacement of its code-signing certificate. It reset web portal passwords as a precaution, though no evidence indicated ransomware involvement or compromise of end-user devices. Authorities were notified, and remediation efforts concluded successfully. The firm emphasized that its systems do not store private keys or credentials that could be used to access devices, assured users that the service was safe to use, and advised them to update to the latest software version signed with the new certificate.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
AnyDesk experienced a cybersecurity incident in early 2024, confirmed through internal investigations following initial system disruptions. The company detected anomalies on certain systems, prompting a security audit that revealed unauthorized access to production infrastructure. While AnyDesk explicitly stated this was not a ransomware attack, the compromise necessitated immediate activation of its cyber incident response protocols. External cybersecurity firm CrowdStrike assisted in forensic analysis and remediation efforts. The company notified relevant authorities and maintained ongoing collaboration with them throughout the incident lifecycle. Production systems were confirmed as the primary target of the breach, though the exact intrusion vector remained unspecified in public statements. System outages and service disruptions observed in preceding days were subsequently attributed to containment and remediation activities.

The response involved comprehensive infrastructure changes, including revocation of all security-related certificates and replacement of compromised systems. AnyDesk initiated replacement of its code-signing certificate for software binaries, advising users to update clients to versions signed with the new credential. As a precautionary measure, the company reset all user passwords for its my.anydesk.com web portal and recommended credential updates for any external services where identical passwords were reused. Forensic investigations found no evidence that end-user devices connected through AnyDesk were compromised during the incident. The company emphasized that its systems do not store private keys, security tokens, or passwords that could facilitate unauthorized connections to client devices. Remediation efforts were declared complete with the situation under control, though the organization continued working with external experts to monitor its systems. Service disruptions during the incident response period were the primary operational impact acknowledged by the company.
