- Connectwise notified customers about an attack sponsored by the State
- A “small number” of Screenconnect customers was affected
- The company activated its incident response plan and brought third -party experts.
Connectwise has revealed that he recently suffered a cyber attack, probably at the hands of a “sophisticated actor of the Nation State.”
In a brief announcement published on its website, the company said that it recently learned of the “suspicious activity” within its surroundings, which affected a “very small number” of customers of Screenconnect.
“We have launched an investigation with one of the main forensic experts, Mandiant,” says the announcement. “We have contacted all affected customers and we are coordinating with the application of the law. As part of our work with Mandiant, we implement improved monitoring and hardening measures in our entire environment.”
Multiple attacks
Apart from that, the details are scarce. We do not know what threat actor is this, how they managed to infiltrate Screennect infrastructure, how long they lived or what they were looking for.
Nor do we know exactly how many clients were affected or in which industries operate.
Screenconnect said no more activity was observed, “in any case of customers.”
“The security of our services is essential for us, and we are closely monitoring the situation and we will share additional information as we can.”
In this context, The Hacker News reported that the company repaired two security failures in 2024, which were used “by the actors of Cyberdrema cybernetic and threat of nation-state”, including those of China, North Korea and Russia.
The two vulnerabilities are traced as CVE-2024-1708 and CVE-2024-1709. He also said that the company set a high -gravity vulnerability in the versions of Screenconnect 25.2.3 and previous, which could be exploited for the ViewState code injection attacks using publicly disclosed publicly Asp.net Machine keys. It does not specifically indicate that criminals used these defects in the attacks.
As a popular remote support and access solution, Screenconnect is widely adopted by managed service suppliers (MSP), IT teams and technology resellers.
Through The hacker news
