ConnectWise Faces Cyber Drama: State-Sponsored Hackers Breach Network!
ConnectWise, an IT management software provider, recently discovered suspicious activity linked to a state-sponsored threat actor within its network. The breach affected a small number of ScreenConnect customers. ConnectWise is working with Mandiant to investigate, enhance security measures, and notify impacted customers. ConnectWise ScreenConnect is popular for remote desktop capabilities and has been targeted before.
Hot Take:
Looks like ConnectWise just went through a crash course in international relations—cybersecurity style! A state-sponsored threat actor decided their network was the perfect place for a little unauthorized field trip, and it seems like ConnectWise has been left holding the diplomatic bag. Fortunately, the threat was contained faster than you can say “ViewState code injection,” but not without some serious scrambling and a few sleepless nights for their IT team. Who knew connecting to the world could come with a side of espionage?
Key Points:
- ConnectWise detected suspicious activity linked to a state-sponsored threat actor.
- Affected customers of ScreenConnect have been notified and security measures enhanced.
- The breach involved a vulnerability (CVE-2025-3935) allowing code injection attacks.
- Microsoft identified the flaw and ConnectWise patched it in April 2024.
- ConnectWise is working with Mandiant and law enforcement on the investigation.