ConnectWise Conundrum: When State-Sponsored Hackers Crash the IT Party
ConnectWise recently faced a suspected state-sponsored cyberattack, impacting a limited number of ScreenConnect customers. The IT management software firm is now in full detective mode with forensic experts. While the breach might have hit cloud-based instances, ConnectWise assures us it’s battening down the hatches with tightened security across its network.
Hot Take:
ConnectWise just had its own “whoopsie doodle” moment, courtesy of a state-sponsored cyber ninja. Like an episode of CSI: Cyber, they’ve called in the big guns at Mandiant to investigate. Meanwhile, a few ScreenConnect customers are left wondering if their digital castles have been breached. While ConnectWise tries to patch things up faster than you can say “ViewState code injection,” customers are left feeling like they’re in a cybersecurity version of “Lost in Translation.” Here’s hoping ConnectWise can connect the dots before they find themselves in a sequel no one asked for!
Key Points:
– ConnectWise was breached by a suspected state-sponsored actor, affecting a limited number of ScreenConnect customers.
– An investigation is underway with Mandiant, and law enforcement has been contacted.
– The breach reportedly occurred in August 2024 but was discovered in May 2025.
– The breach is linked to a high-severity vulnerability, CVE-2025-3935, patched in April 2025.
– Customers are frustrated with the lack of detailed information and indicators of compromise.