The well-known remote control software AnyDesk was attacked and hackers successfully stole the source code and code signing certificate/key.

The well-known remote control software AnyDesk disclosed today that the company has recently been attacked by hackers. The hackers invaded AnyDesk's production system in some way. In the end, the hackers successfully stole some of AnyDesk's source code and private code signing certificates and private keys.

AnyDesk provides remote access solutions. Many companies use AnyDesk to provide remote support to customers or to access hosted servers. Although its scale is not as large as TeamViewer, it still has more than 170,000 corporate or institutional customers, including the United Nations.

Not much is known at this time:

The company only discovered it had been compromised after noticing unusual events on its production servers, and subsequently hired external security firm CrowdStrike and launched a security response plan.

After conducting a security audit, AnyDesk confirmed that it had been hacked. However, the company did not disclose details about the attack.

Security website BleepingComputer has learned that hackers successfully stole AnyDesk's source code and private code signing certificates and keys.

AnyDesk stated that the relevant situation has been brought under control and it is safe to use AnyDesk. The latest version of AnyDesk has been replaced with a new code signing certificate, and all old version code signing certificates have been revoked.

Say users are not affected:

AnyDesk denied whether this hacking attack would lead to the user's server being controlled by hackers. The company said that the unique access token designed by AnyDesk will not be transmitted to the server. Instead, the access token only remains on the device and is associated with the device fingerprint information.

Therefore, all current customers can continue to use AnyDesk with confidence. The company also emphasizes that there is no indication that any AnyDesk connection session has been hijacked. After all, this is impossible.

Reset portal password:

However, AnyDesk's production system was accessed by hackers after all. For this reason, AnyDesk reset all accounts and passwords registered on its portal website. At this time, users may have received notification emails and need to reset their account passwords before they can log in again.

Attack events:

AnyDesk experienced four days of downtime starting on January 29, local time. At that time, AnyDesk said that it needed maintenance. After maintenance, you can log in again and use the AnyDesk client.

AnyDesk confirmed to BleepingComputer that the maintenance was related to the security incident.