AnyDesk confirms cyber attack — remote desktop firm revokes certificates as hackers infiltrate systems

AnyDesk Remote
(Image credit: AnyDesk)

AnyDesk has confirmed it suffered a cyberattack in which hackers were able to compromise its production systems.

In a press release published on the company’s website, the remote access provider said it spotted the attack after seeing “indications of an incident” in some of its systems. Subsequent investigation uncovered compromise in the company’s production systems, it said. 

While AnyDesk did not say who the attackers were or what they were after, it did say the incident was not related to ransomware. In an effort to secure its infrastructure, AnyDesk revoked all security-related certificates, and remediated or replaced other systems, where necessary. 

Source code stolen

“We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” the company's statement said.

AnyDesk also reassured its users that they are safe, noting, “Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices,” the press release said. 

Still, in an abundance of caution, AnyDesk revoked all passwords to its web portal, site, and recommended users change their passwords if they’re using the same credentials elsewhere.

The company did not say what type of data the hackers stole. BleepingComputer, on the other hand, reports the attackers obtained both source code and private code signing keys. The same publication claims the attack started on January 29 and lasted for four days, during which the company was forced to block people from accessing the AnyDesk client.

That being said, users are strongly advised to switch to the new version of the AnyDesk software and change their passwords, immediately. 

AnyDesk is a popular remote access solution used by the likes of Samsung, and Nvidia. It says there is currently no evidence of any end-user devices being affected, and that the platform is safe to use.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.