ConnectWise hit by nation-state cyberattack; some ScreenConnect customer systems affected
- ConnectWise informed customers of a state-sponsored attack
- A “small number” of ScreenConnect customers were affected
- The company has activated its incident response plan and brought in third-party experts
ConnectWise has revealed that it recently suffered a cyberattack, probably carried out by a sophisticated nation-state actor.
In a short announcement published on its website, the company said that it recently learned of “suspicious activities” in its environment, which affected a “very small number” of ScreenConnect customers.
“We started a study with one of the leading forensic experts, Mandiant,” says the announcement. “We have contacted all affected customers and are coordinating with law enforcement. As part of our work with Mandiant, we have implemented improved monitoring and paving measures in our environment.”
Multiple attacks
Beyond that, details are scarce. We do not know which threat actor this is, how they managed to infiltrate ScreenConnect's infrastructure, how long they remained there, or what they were looking for.
We also do not know exactly how many customers are affected, or in which industries they work.
ScreenConnect said that no further activity “in any customer authorities” was observed.
“The security of our services is of the utmost importance for us, and we keep a close eye on the situation and will share additional information if we can.”
In this context, The Hacker News reported that the company had fixed two security flaws in 2024, which were exploited “by both cyber crime and nation-state threat actors”, including those from China, North Korea and Russia.
The two vulnerabilities are tracked as CVE-2024-1708 and CVE-2024-1709. It also said that the company has addressed a high-severity vulnerability in ScreenConnect versions 25.2.3 and earlier, which could be used for ViewState code injection attacks with the help of publicly disclosed ASP.NET machine keys. It does not specifically state that the attackers used these flaws in the attacks.
As a popular remote support and access solution, ScreenConnect is widely adopted by managed service providers (MSPs), internal IT teams and technology resellers.