Blog Security Research The AnyDesk Breach: Overview and Recommendations On February 2, 2024, popular remote access solution AnyDesk disclosed that it had suffered a cyberattack that led to a compromise of its production systems. Code signing certificates and user passwords to AnyDesk’s web portal were revoked as a consequence. According to this blog post by Resecurity, on February 3, threat actors offered more than 18,000 AnyDesk credentials for sale on the dark web (Figure 1). The connection of the sale of credentials to the recent breach is still unclear, but this incident highlights the risk imposed by the compromise of leaked AnyDesk credentials. In this post,  we aim to provide defenders with resources to help assess the risk level for their environments and identify and mitigate potential breaches. Potential impact on organizations AnyDesk software is widely used by many organizations; we saw AnyDesk being used in approximately 25% of networks monitored by Akamai .…