2013-03-23: TeamSpy Decade-Long Espionage Campaign
Level Four Attack
It has now come to light that for the past decade, a group nicknamed TeamSpy has been using a modified, covert version of the TeamViewer app to spy on high-value targets across Eastern Europe.
The sustained and prolonged nature of the attack, the nature of the targets (governments, businesses, human rights activists), and the level of access granted by the penetration easily qualify this as a Gibson Level Four Attack. CrySyS Labs, one of the participants in the research effort on this attack, suggests that the attack was carried out by a small but technically skilled team who got sloppy and complacent as the years of successfully evading detection ticked by.
It's worth noting that although TeamViewer was used in this attack, TeamViewer itself was not exploited or penetrated; rather, the attackers wrapped its functionality in a cloaked DLL file, allowing them to run TeamViewer remotely on the victims' computers almost entirely undetected.
Related Links
- The Register: TeamSpy snooped on governments, big biz undetected for 10 years
- Dark Reading: How TeamSpy Turned Legitimate TeamViewer App Into Cyberespionage Tool
- ThreatPost: Researchers Uncover 'TeamSpy' Attack Campaign Against Government, Research Targets
- Ars Technica: Decade-old espionage malware found targeting government computers