- Better Together: How MFA and Strong Password Practices Can Help Bolster Security
- “美 CISO 평균 연봉 6억,상위 1%는 60억원 넘어···보안 예산은 여전히 부족” IANS 설문조사
- 아웃시스템즈, 매출 5억 유로 돌파 및 신임 CEO 선임 발표
- 정철환 칼럼 | 변화의 바람에 맞설 것인가? 따를 것인가?
- Best home automation systems 2025: I'm a smart home reviewer and these are the top ones
ConnectWise Confirms Hack, “Very Small Number” of Customers Affected
ConnectWise, the developer of remote access and support software ScreenConnect, has confirmed it was targeted by a cyber-attack from a nation-state threat actor.
In a message sent to Infosecurity, a ConnectWise spokesperson said, “We recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect customers.”
The firm did not provide any details on the intrusion.
It did however note that it has “patched ScreenConnect and implemented enhanced monitoring and hardening measures across our environment.” This could suggest that the initial access was an exploit of a zero-day vulnerability.
The company has launched an investigation in collaboration with Google Cloud-owned Mandiant and noted it has not observed any further suspicious activity in any customer instances.
“We have communicated with all affected customers and are coordinating with law enforcement and will share additional information as we are able,” the ConnectWise spokesperson added.
The incident occurred just a week before the company’s annual IT Nation Secure conference in Orlando, Florida. US tech media CRN reported that the incident will be discussed at the event.
It also comes over a year after several vulnerabilities were found in ConnectWise’s ScreenConnect, affecting both cloud and on-premises systems. Cloud environments were patched in February 2024 and partners using on-premises servers were instructed to update their systems urgently.
Will Thomas, Senior Threat Intelligence Advisor at Team Cymru, noted on LinkedIn that vulnerabilities in remote monitoring management (RMM) tools have been increasingly targeted in recent months, including AnyDesk, TeamViewer and BeyondTrust.
Thomas highlighted that Russian intelligence services were named as breaching TeamViewer, while Chinese intelligence services were believed to have breached BeyondTrust.
“It seems to me like it’s APT open season on RMM tool vendors,” he added.
