ConnectWise, the developer of distant entry and help software program ScreenConnect, has disclosed that it was the sufferer of a cyber assault that it stated was probably perpetrated by a nation-state menace actor.
“ConnectWise not too long ago discovered of suspicious exercise inside the environment that we imagine was tied to a complicated nation-state actor, which affected a really small variety of ScreenConnect prospects,” the corporate stated in a quick advisory on Could 28, 2025.
The corporate stated it has engaged the companies of Google Mandiant to conduct a forensic probe into the incident and that it has notified all affected prospects. The incident was first reported by CRN.
Nonetheless, it didn’t reveal the precise variety of prospects who have been impacted by the hack, when it occurred, or the identification of the menace actor behind it.
It is price noting that the corporate, in late April 2025, patched CVE-2025-3935 (CVSS rating: 8.1), a high-severity vulnerability in ScreenConnect variations 25.2.3 and earlier that may very well be exploited for ViewState code injection assaults utilizing publicly disclosed ASP.NET machine keys – a way Microsoft disclosed earlier this February as being actively exploited by dangerous actors.
The difficulty was addressed in ScreenConnect model 25.2.4. That stated, it is presently not recognized if the cyber assault is linked to the exploitation of the vulnerability.
ConnectWise stated it has applied enhanced monitoring and hardening measures throughout its surroundings to forestall such assaults from occurring once more sooner or later.
“We’ve got not noticed any additional suspicious exercise in any buyer cases,” it added, stating it is intently monitoring the scenario.
In early 2024, safety flaws in ConnectWise ScreenConnect software program (CVE-2024-1708 and CVE-2024-1709) have been exploited by each cybercrime and nation-state menace actors, together with these from China, North Korea, and Russia, to ship quite a lot of malicious payloads.
