1. Forum
  2. tqwNet
  3. TQW GENTECH

  • ConnectWise hit by nation-state cyberattack, some ScreenConnect c

    From TechnologyDaily@1337:1/100 to All on Friday, May 30, 2025 10:30:09
    ConnectWise hit by nation-state cyberattack, some ScreenConnect customer systems affected

    Date:
    Fri, 30 May 2025 09:22:51 +0000

    Description:
    State-sponsored hackers are targeting Connectwise and its customers.

    FULL STORY ======================================================================Connectw ise notified customers about a state-sponsored attack A "small number" of ScreenConnect customers were affected The company triggered its incident response plan and brought in third party experts

    ConnectWise has revealed it recently suffered a cyberattack, likely at the hands of a sophisticated nation state actor.

    In a short announcement published on its website, the company said it
    recently learned of suspicious activity within its environment, which
    affected a very small number of ScreenConnect customers.

    We have launched an investigation with one of the leading forensic experts, Mandiant, the announcement says. We have contacted all affected customers and are coordinating with law enforcement. As part of our work with Mandiant, we implemented enhanced monitoring and hardening measures across our
    environment. Multiple attacks

    Other than that, details are scarce. We dont know which threat actor this is, how they managed to infiltrate ScreenConnects infrastructure, how long they dwelled, or what they were looking for.

    We also dont know exactly how many customers were affected, or in which industries they operate.

    ScreenConnect did say that no further activity, in any customer instances
    were observed.

    The security of our services is paramount to us, and we are closely
    monitoring the situation and will share additional information as we are
    able.

    In this context, The Hacker News reported that the company patched two security flaws in 2024, which were used by both cybercrime and nation-state threat actors, including those from China, North Korea, and Russia.

    The two vulnerabilities are tracked as CVE-2024-1708, and CVE-2024-1709. It also said the company fixed a high severity vulnerability in ScreenConnect versions 25.2.3 and earlier, which could be exploited for ViewState code injection attacks using publicly disclosed ASP.NET machine keys. It doesnt specifically state the criminals used these flaws in the attacks.

    As a popular remote support and access solution , ScreenConnect is widely adopted by Managed Service Providers (MSPs), internal IT teams, and
    technology resellers.

    Via The Hacker News You might also like LockBit ransomware still poses a major threat ScreenConnect under attack from new malware Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/connectwise-hit-by-nation-state-cyberat tack-some-screenconnect-customer-systems-affected


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)