ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

Posted on By CWS

Could 30, 2025Ravie LakshmananVulnerability / Information Breach
ConnectWise, the developer of distant entry and assist software program ScreenConnect, has disclosed that it was the sufferer of a cyber assault that it mentioned was probably perpetrated by a nation-state menace actor.
“ConnectWise not too long ago discovered of suspicious exercise inside our surroundings that we consider was tied to a classy nation-state actor, which affected a really small variety of ScreenConnect prospects,” the corporate mentioned in a short advisory on Could 28, 2025.
The corporate mentioned it has engaged the companies of Google Mandiant to conduct a forensic probe into the incident and that it has notified all affected prospects. The incident was first reported by CRN.
Nonetheless, it didn’t reveal the precise variety of prospects who had been impacted by the hack, when it occurred, or the id of the menace actor behind it.
It is value noting that the corporate, in late April 2025, patched CVE-2025-3935 (CVSS rating: 8.1), a high-severity vulnerability in ScreenConnect variations 25.2.3 and earlier that may very well be exploited for ViewState code injection assaults utilizing publicly disclosed ASP.NET machine keys – a way Microsoft disclosed earlier this February.

The problem was addressed in ScreenConnect model 25.2.4. That mentioned, it is at the moment not identified if the cyber assault is linked to the exploitation of the vulnerability.
ConnectWise mentioned it has applied enhanced monitoring and hardening measures throughout its surroundings to forestall such assaults from taking place once more sooner or later.
“Now we have not noticed any additional suspicious exercise in any buyer situations,” it added, stating it is intently monitoring the state of affairs.
In early 2024, safety flaws in ConnectWise ScreenConnect software program (CVE-2024-1708 and CVE-2024-1709) had been exploited by each cybercrime and nation-state menace actors, together with these from China, North Korea, and Russia, to ship quite a lot of malicious payloads.

Discovered this text fascinating? Comply with us on Twitter  and LinkedIn to learn extra unique content material we publish.

The Hacker News Tags:, , , , , , ,

Related Posts

LofyGang Returns with Minecraft Malware Campaign LofyGang Returns with Minecraft Malware Campaign The Hacker News
Cloud Password Managers Face Security Challenges Cloud Password Managers Face Security Challenges The Hacker News
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks The Hacker News
Boost Cybersecurity with AI-Powered Risk Management Boost Cybersecurity with AI-Powered Risk Management The Hacker News
Google Gemini Vulnerability Exposed by Notifications Google Gemini Vulnerability Exposed by Notifications The Hacker News
Unveiling Eight Attack Vectors in AWS Bedrock Unveiling Eight Attack Vectors in AWS Bedrock The Hacker News