ConnectWise, a leading provider of software solutions for managed service providers, disclosed today that it detected suspicious activity within its environment, believed to be orchestrated by a sophisticated nation-state actor.
The breach, which impacted a small number of ScreenConnect customers, has prompted an immediate response from the company, including an investigation led by top cybersecurity firm Mandiant.
ConnectWise is a global leader in business automation software for technology service providers, offering solutions like ScreenConnect to streamline remote support and management. The company serves thousands of partners worldwide, delivering tools to enhance operational efficiency and client service.
.png
)
In a statement released on May 28, ConnectWise confirmed that the incident involved unauthorized access to its internal systems. While the company emphasized that only a limited number of customers were affected, the involvement of a nation-state actor underscores the growing threat of advanced cyberattacks targeting critical software providers.
“ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers,” the Tampa, Fla.-based vendor said in a statement.
“We have launched an investigation with one of the leading forensic experts, Mandiant. We have communicated with all affected customers and are coordinating with law enforcement.”
“As part of our work with Mandiant, we patched ScreenConnect and implemented enhanced monitoring and hardening measures across our environment.”
“We have not observed any further suspicious activity in any customer instances. The security of our services is paramount to us, and we are closely monitoring the situation and will share additional information as we are able.”
“We take the security of our services extremely seriously,” ConnectWise stated. Upon detecting the suspicious activity, we swiftly engaged Mandiant, one of the leading forensic experts, to investigate the incident. We have also implemented enhanced monitoring and hardening measures across our environment to prevent further incidents.
ConnectWise has notified all affected customers and is working closely with law enforcement to address the breach.
The company reports that no additional suspicious activity has been observed in customer instances since the initial detection. ConnectWise has committed to providing updates as more information becomes available.
ScreenConnect, a remote access and support tool widely used by IT service providers, could represent a high-value target for attackers seeking to infiltrate multiple organizations through a single point of compromise.
Cyber Security News reached out to Connectwise to learn more about how many customers affected by this incident, But did not disclose information about when the breach occurred as well as the number of affected MSPs or end users, however the source said the vendor reached out to all those impacted by the breach.
Cybersecurity experts are urging ConnectWise customers to remain vigilant, apply any recommended patches or updates, and monitor their systems for unusual activity.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
