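Recently, Chinese media cited a Twitter post by Christopher Glyer to claim that TeamViewer had been compromised by the Chinese hacking group APT41, which had obtained access to its back-end management system and could access any client with TeamViewer installed, regardless of OS. In addition, an urgent notice, purportedly issued by the "Shenzhen Network and Information Notification Center", has been circulating online, urging users in China to stop using TeamViewer as soon as possible.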
Kind of neat – FLARE figured out they could brute force key space of ~4 billion keys (relatively small) based on the volume serial ID to decrypt the payload
This enabled us to identify two new malware families #FireEyeSummit pic.twitter.com/AkzqTioyyc
— Christopher Glyer (@cglyer) October 10, 2019
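Yet for an incident of this scale, how is it that two days on TeamViewer had still not made any official announcement? So this editor went back through what was being reported online. It turned out that Christopher Glyer (Chief Security Architect at FireEye) had already come forward on Twitter to clarify that the slide from his earlier presentation described an old incident, not something happening now, and that the image had been reposted and sensationalized by mainland Chinese bloggers and media.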
Let me clarify. I was referring to an old incident as disclosed by TV before. There have been a few instances where malware was deployed through TV accounts, but nothing that wasn't in our earlier report. My goal wasn't to imply a current software or infrastructure compromise. https://t.co/LFrJgQgXXO
— Christopher Glyer (@cglyer) October 13, 2019