ConnectWise

ConnectWise, a Florida-based IT management software provider, experienced a cybersecurity incident in which its **ScreenConnect cloud infrastructure** was compromised in what is suspected to be a **state-sponsored cyberattack**. The breach was contained swiftly through immediate patching, enhanced monitoring, and strengthened security mechanisms. While the exact scope of the data compromise remains undisclosed, the incident was limited to a **small subset of organizations** using ScreenConnect. Malicious activity was mitigated, and no further exploitation was reported. The event underscored vulnerabilities in managed service providers (MSPs), prompting industry calls for heightened security measures to protect vendors, MSPs, and end-users. No evidence suggested large-scale data theft, financial fraud, or operational disruptions beyond the initial intrusion. The focus remained on preventing future exploits rather than addressing widespread damage.

Source: https://www.scworld.com/brief/connectwise-screenconnect-infrastructure-hack-confirmed

TPRM report: https://www.rankiteo.com/company/connectwise

"id": "con2965729112825",
"linkid": "connectwise",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'few organizations using '
                                              'ScreenConnect',
                        'industry': 'technology/software',
                        'location': 'Florida, USA',
                        'name': 'ConnectWise',
                        'type': 'IT management software provider'}],
 'description': 'Florida-based IT management software provider ConnectWise '
                'disclosed the compromise of its ScreenConnect cloud '
                'infrastructure in a suspected state-sponsored cyberattack. '
                'Only a few organizations using ScreenConnect were impacted. '
                'The incident was resolved with immediate patching efforts and '
                'the adoption of more robust monitoring and security '
                'mechanisms. Malicious activity was successfully mitigated, '
                'though additional details regarding the timeline and extent '
                'of the data breach were not provided.',
 'impact': {'brand_reputation_impact': 'highlighted security risks for managed '
                                       'software providers; reminder for '
                                       'vendors to improve security measures',
            'operational_impact': 'limited (only a few organizations using '
                                  'ScreenConnect were impacted)',
            'systems_affected': ['ScreenConnect cloud infrastructure']},
 'investigation_status': 'resolved; malicious activity mitigated',
 'lessons_learned': 'Incident highlights the security risks faced by managed '
                    'software providers. Vendors must focus on protecting '
                    'themselves, their customers (MSPs), and end-users, as no '
                    'system is 100% secure.',
 'post_incident_analysis': {'corrective_actions': ['immediate patching',
                                                   'enhanced monitoring and '
                                                   'security mechanisms']},
 'recommendations': ['Continuously evaluate and improve security of software '
                     'offerings',
                     'Implement robust monitoring and security mechanisms',
                     'Proactively mitigate vulnerabilities to prevent '
                     'exploitation'],
 'references': [{'source': 'CRN'}],
 'response': {'communication_strategy': ['public disclosure via CRN'],
              'containment_measures': ['immediate patching'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'remediation_measures': ['adoption of more robust monitoring and '
                                       'security mechanisms']},
 'threat_actor': 'suspected state-sponsored actor',
 'title': 'Compromise of ConnectWise ScreenConnect Cloud Infrastructure in '
          'Suspected State-Sponsored Cyberattack',
 'type': ['cyberattack', 'compromise', 'suspected state-sponsored attack']}