At least Anydesk didn’t take Teamviewer’s approach and deny the breach for 3 years while blaming their customers for the problem, but it’s time to rethink using these remote access apps.
In the past year for personal use I’ve moved to VNC and Nomachine server apps that are inaccessible from the Internet without first activating a Wireguard tunnel. The tunnel ports don’t even appear to be open when scanned. Hopefully this setup offers more security than relying on a company to make sure their systems are up to date.
Even Hersh’s article lacks any kind of supporting evidence, only siting a single unidentified source. His story is plausible, but plausible does not mean true.
IMO we will never know. Every company has a vested interest in hiding the cause of a breach if it makes them look bad.