Team Axon is aware of the latest publications around AnyDesk’s incident. As per the public announcement of AnyDesk, there is no evidence that any end-user device had been affected.
The queries can be used by your team for multiple purposes, including:
- Tracking AnyDesk usage throughout the organizational infrastructure.
- Identification of suspicious AnyDesk usage
- Identification of existing AnyDesk versions throughout the organizational infrastructure, making sure only up-to-date versions are being used. (Using the file hashes available, so as potentially using certificate information)
As recommended by the AnyDesk team, please consider the following:
- AnyDesk Password Reset - It is recommended to reset the AnyDesk passwords.
- Password Reuse - In case of usage of the same/similar passwords to AnyDesk passwords for authentication to other platforms/applications, it is highly recommended to reset those passwords to different, long, and complex passwords.
- Installation of the newest version of AnyDesk - As AnyDesk mentioned in their announcement, old signing certificates are planned to be revoked. Hence, replacing the older version of AnyDesk with the newest version available (signed by new signing certificates) is recommended. Currently, the latest version for Windows, 8.0.8, has already been published.
In case you were explicitly reached out by the AnyDesk team regarding a possible compromise in your environment, or you have any concerns related to it, please feel free to reach out to Team Axon.