ConnectWise, the developer of distant entry and assist software program ScreenConnect, has disclosed that it was the sufferer of a cyber assault that it mentioned was seemingly perpetrated by a nation-state risk actor.
“ConnectWise lately realized of suspicious exercise inside our surroundings that we imagine was tied to a classy nation-state actor, which affected a really small variety of ScreenConnect clients,” the corporate mentioned in a short advisory on Could 28, 2025.
The corporate mentioned it has engaged the companies of Google Mandiant to conduct a forensic probe into the incident and that it has notified all affected clients. The incident was first reported by CRN.
Nonetheless, it didn’t reveal the precise variety of clients who had been impacted by the hack, when it occurred, or the id of the risk actor behind it.
It is value noting that the corporate, in late April 2025, patched CVE-2025-3935 (CVSS rating: 8.1), a high-severity vulnerability in ScreenConnect variations 25.2.3 and earlier that could possibly be exploited for ViewState code injection assaults utilizing publicly disclosed ASP.NET machine keys – a way Microsoft disclosed earlier this February.
The difficulty was addressed in ScreenConnect model 25.2.4. That mentioned, it is presently not identified if the cyber assault is linked to the exploitation of the vulnerability.
ConnectWise mentioned it has carried out enhanced monitoring and hardening measures throughout its setting to stop such assaults from occurring once more sooner or later.
“We now have not noticed any additional suspicious exercise in any buyer situations,” it added, stating it is carefully monitoring the scenario.
In early 2024, safety flaws in ConnectWise ScreenConnect software program (CVE-2024-1708 and CVE-2024-1709) had been exploited by each cybercrime and nation-state risk actors, together with these from China, North Korea, and Russia, to ship a wide range of malicious payloads.
