The AnyDesk security breach is a reminder of why secure remote access matters. After a routine audit, AnyDesk discovered its production systems had been compromised, which proves that some remote access tools lack security at their core.
Key Details of the AnyDesk Breach
An Internal Audit Revealed a Serious Security Incident
According to an incident response by AnyDesk, a security audit found that some of the company’s systems had been compromised. While the incident wasn’t related to ransomware, attackers used the breach to gain unauthorized access to sensitive information on AnyDesk’s systems.
AnyDesk has downplayed the incident, claiming that the situation was under control. However, users were urged to reset their passwords if they had installed AnyDesk on their systems and used the same credentials elsewhere. The timing of maintenance in the days before the public announcement, as well as the late Friday afternoon press release from AnyDesk, indicates that the breach occurred several days before they publicly acknowledged it.
Bad Actors Stole Source Code and Signing Certificates
BleepingComputer discovered that the attackers stole source code and private code signing keys, which were later used to push malware under the guise of trusted software.
Attackers Used the Certificate to Spread Malware
With the stolen certificate, cybercriminals signed and distributed more than 500 samples of Agent Tesla, which is a well-known remote access trojan (RAT). These files appeared authentic, making it easier for them to slip past defenses and infect devices.
18,000+ Customer Credentials Leaked
Resecurity reported that over 18,000 AnyDesk user credentials surfaced on the dark web.
Organizations must be aware of the risks associated with remote access software and take proactive measures to secure their systems and data. This includes monitoring for any signs of malicious activity and ensuring that all security protocols are up to date.
In response, AnyDesk issued a new code signing certificate and urged users to change their passwords, especially if they’d used the same credentials elsewhere.
An Additional Security Flaw Discovered
As if the breach itself wasn’t enough, a critical vulnerability identified as CVE-2024-13754 was disclosed in AnyDesk’s handling of desktop background images. This flaw allows local attackers with low-privileged access to escalate their privileges by exploiting the way AnyDesk processes background images during session initialization.
A proof-of-concept exploit was released in early 2025, increasing the urgency for users to update to the latest version to mitigate potential risks.
Attackers Impersonated CERT-UA in a Social Engineering Campaign
In early 2025, attackers began impersonating Ukraine’s Computer Emergency Response Team (CERT-UA) by sending fraudulent AnyDesk connection requests under the guise of conducting security audits. These social engineering attacks aimed to trick users into granting remote access, potentially leading to unauthorized data access or system compromise.
CERT-UA has clarified that while it may use remote access tools like AnyDesk, such actions are only taken after prior agreement through official communication channels.
How AnyDesk Responded to the Breach
Following the breach, AnyDesk took several measures to secure its systems and protect users. The company revoked all security-related certificates, including code-signing certificates, and replaced them with new ones.
Additionally, AnyDesk invalidated all passwords to its customer web portal and urged users to reset their passwords, especially if the same credentials were used elsewhere. These actions were part of a comprehensive incident response plan to mitigate the breach’s impact.
Why Should You Take the AnyDesk Attack Seriously?
If you’re an AnyDesk user, you should take this news very seriously. And even if you’re using another remote access solution, this needs to make you challenge its security credentials.
Unfortunately, this is not the first time that something like this has happened. As we said at the time of the GoTo security incident, when security is not the first priority, customers are the ones who end up suffering.
RealVNC’s commitment to security
At RealVNC, security isn’t a feature; it’s the foundation. Every connection, every update, every line of code is built around keeping your data protected.
ISO 27001 Certification is More Than Just a Badge
We’re ISO 27001 certified, which means we follow one of the most rigorous global standards for information security. That includes continuous risk assessments, company-wide controls, independent audits, and regular training for our team.
In short, it’s proof that we don’t just react to threats. We plan for them. If your remote access provider isn’t certified, ask why.
Built for Zero Trust
Our software is designed to be secure even if you don’t trust us.
- No stored sessions. No decryptable data.
- Every connection is treated like it’s under attack.
- Access is always controlled by the person at the remote machine.
Even if someone stole your portal credentials, they’d still need a second set (like Active Directory) to access a device. We don’t store those. We don’t even store portal passwords in plaintext. Yes, it adds a small amount of friction. But it’s friction that protects you and provides a secure environment.
Third-party Audited, Customer Trusted
We also commissioned a full white-box security audit from Cure53, a respected independent firm. Their assessment confirmed our strong security posture across the board. When vendors skip this kind of testing, end users are the ones who suffer.
Your Data is in Safe Hands with RealVNC
RealVNC has never experienced a data breach. And we’re working hard to keep it that way.
This is what RealVNC CEO Adam Greenwood-Byrne had to say:
I’m proud of RealVNC’s unblemished security record, and we continue to invest in systems and services that ensure we remain on the strongest footing. Customers who have been with us for years, including government departments around the world, recognise the value of our security stance just as well as we recognise the trust they place in us as their remote access vendor of choice.
We value those relationships tremendously at RealVNC and our team works tirelessly to ensure our customers have what they need to feel safe. The Internet is a much more dangerous place than it was 20 years ago and we are committed to evolving and adapting accordingly.
What Should You Do Next?
Start by asking if your remote access provider can prove that it’s secure. But don’t just take them at their word. Look for hard evidence like independent audits, ISO 27001 certification, and an architecture that doesn’t rely on trust alone. If your current provider can’t offer that, it might be time to move on.
RealVNC Connect is designed for teams that need secure, flexible remote access without the risk. It brings the Viewer and Server together into one simple app, works across Windows, Mac, Linux, and mobile, and includes features like file transfer, multi-monitor support, in-session chat, and an easy-to-use interface.
It’s not just about usability. It’s about control.
RealVNC uses self-expiring session codes and never stores session data or decryptable credentials. You control who connects, when, and how. And with Code Connect, you can set up invite-only access and always know who’s on the other end.
Want remote access that’s actually secure? Try RealVNC Connect. It’s trusted by IT leaders, government teams, and security-conscious organizations around the world. Start your free trial today.
