AnyDesk, which provides a remote desktop application providing access, file transfer, and VPN functionality for endpoints, has announced that its production systems have been compromised, and that it plans to revoke all its security-related certificates and reset all Web portal passwords as a precaution.
The company assured its customers in a statement released late on Friday that no end user devices had been breached, adding that AnyDesk systems are “designed not to store private keys, security tokens, or passwords that could be exploited to connect to end user devices.”
AnyDesk also said that it’s working with appropriate law enforcement agencies on the incident and that there’s so far no evidence of ransomware.
In addition to the internal password rotations, the company urged its customers to update any passwords used across other accounts.
“To date, we have no evidence that any end-user devices have been affected,” the company said. “We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate.”
Remote access management tools like AnyDesk are a popular target of cybercriminals. In fact, last summer both the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a joint advisory warning that threat actors were using these remote monitoring and management systems (RMMs), including AnyDesk and ScreenConnect to infiltrate organizations and federal agencies.