Axon Rapid Response - AnyDesk Incident - February 2024
Incident Report for Rapid Response Status Page
Resolved
This incident has been resolved.
Posted Feb 05, 2024 - 11:58 UTC
Investigating
Dear customers,

Team Axon is aware of the latest publications around AnyDesk’s incident.
According to AnyDesk's public announcement, there is no evidence that any end-user device has been affected.

For your convenience, the team has released visibility queries for identifying AnyDesk-related executions and file events using EDR telemetry. They are available at the following link:
https://github.com/axon-git/rapid-response/tree/main/AnyDesk%20Incident%20-%20February%202024

The queries can be used by your team for multiple purposes, including:

- Tracking AnyDesk usage throughout the organizational infrastructure.

- Identification of suspicious AnyDesk usage.

- Identification of existing AnyDesk versions throughout the organizational infrastructure, making sure only up-to-date versions are being used (using the available file hashes and, potentially, certificate information).


As recommended by the AnyDesk team, please consider the following:

- AnyDesk Password Reset - It is recommended to reset the AnyDesk passwords.

- Password Reuse - If passwords identical or similar to your AnyDesk passwords are used to authenticate to other platforms or applications, it is highly recommended to reset those passwords to different, long, and complex passwords.

- Installation of the newest version of AnyDesk - As AnyDesk mentioned in their announcement, old signing certificates are planned to be revoked. Hence, replacing the older version of AnyDesk with the newest version available (signed by new signing certificates) is recommended. Currently, the latest version for Windows, 8.0.8, has already been published.


For more information about the incident please see the AnyDesk publication:
https://anydesk.com/en/public-statement


If the AnyDesk team has explicitly reached out to you regarding a possible compromise in your environment, or you have any concerns related to it, please feel free to reach out to Team Axon.

Sincerely,
Team Axon
Posted Feb 04, 2024 - 18:19 UTC
This incident affected: Rapid Response.
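
An added example (not part of Team Axon's notice or their published queries) of the version-inventory use case described above: it groups hosts by whether the AnyDesk binary they executed is at or above the Windows release 8.0.8 named in the notice. The event records and their field names are constructed for illustration.

```python
import re

MIN_WINDOWS_VERSION = (8, 0, 8)  # Windows release named in the notice

# Constructed process-execution events. Field names are assumptions for this
# example and do not mirror any particular EDR schema.
SAMPLE_EVENTS = [
    {"host": "ws-001", "path": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", "file_version": "8.0.8"},
    {"host": "ws-002", "path": r"C:\Users\amy\Downloads\AnyDesk.exe", "file_version": "7.1.13"},
    {"host": "ws-003", "path": r"C:\ProgramData\AnyDesk\anydesk.exe", "file_version": ""},
    {"host": "ws-002", "path": r"C:\Windows\System32\notepad.exe", "file_version": "10.0.19041.1"},
    {"host": "ws-004", "path": r"C:\Tools\AnyDesk.exe", "file_version": "8.0.10"},
]

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if missing/garbled."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))

def is_anydesk(path):
    # File-name match only: a renamed binary is missed, which is why the
    # notice also points to file hashes and certificate information.
    return re.split(r"[\\/]", path)[-1].lower() == "anydesk.exe"

def classify_hosts(events, minimum=MIN_WINDOWS_VERSION):
    """Map status -> sorted hosts that ran an AnyDesk binary of that status."""
    hosts = {"current": set(), "outdated": set(), "unknown": set()}
    for event in events:
        if not is_anydesk(event["path"]):
            continue
        version = parse_version(event.get("file_version"))
        if version is None:
            status = "unknown"      # no version metadata: review by hand
        elif version < minimum:     # numeric compare, so 8.0.10 > 8.0.8
            status = "outdated"
        else:
            status = "current"
        hosts[status].add(event["host"])
    return {status: sorted(names) for status, names in hosts.items()}

if __name__ == "__main__":
    for status, names in classify_hosts(SAMPLE_EVENTS).items():
        print(f"{status:9} {', '.join(names) or '-'}")
```

Hosts in the `unknown` group ran a binary named AnyDesk.exe without version metadata and are the ones to check against the hashes in the linked repository.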