ConnectWise Confirms Cybersecurity Breach Impacting a Limited Number of Customers


ConnectWise, the developer of the remote access and support software ScreenConnect, has confirmed that it was targeted by a cyber-attack attributed to a nation-state threat actor.

In a statement, a representative from ConnectWise indicated that the company discovered suspicious activity within its environment, which was likely linked to sophisticated cyber actors, affecting only a small number of ScreenConnect customers. Specific details regarding the intrusion have not been disclosed.

To mitigate potential threats, ConnectWise has patched ScreenConnect and implemented enhanced monitoring and hardening measures across its environment. The patch suggests that initial access could have been gained by exploiting a zero-day vulnerability.

The organization has initiated an investigation in collaboration with Mandiant, a company owned by Google Cloud, and has advised that no further suspicious activity has been detected in any customer instances. ConnectWise has actively communicated with affected customers and is coordinating with law enforcement agencies to provide further updates as the situation develops.

The cyber incident coincides with the company’s upcoming annual IT Nation Secure conference in Orlando, Florida, where discussions regarding the breach are expected to take place. This incident follows a series of vulnerabilities identified in ConnectWise’s ScreenConnect over the past year, impacting both cloud and on-premises systems. Critical patches for cloud environments were issued in February 2024, and partners using on-premises servers were urged to update their systems promptly.

Experts have noted an increasing trend in the targeting of vulnerabilities within remote monitoring and management (RMM) tools, citing recent incidents involving other platforms, including AnyDesk, TeamViewer, and BeyondTrust. Analysts have suggested that Russian intelligence services have been implicated in breaches related to TeamViewer, while Chinese actors were suspected in attacks on BeyondTrust.

As activity around remote monitoring tools heats up, analysts caution that this appears to be a period of increased activity from advanced persistent threat (APT) groups targeting RMM tool vendors.