ConnectWise, a Florida-based software company providing IT management solutions, experienced a suspected state-sponsored cyberattack that breached its environment. The attack impacted a limited number of customers of ScreenConnect, a remote access and support tool. The breach occurred in August 2024 and was discovered in May 2025; the associated vulnerability is tracked as CVE-2025-3935. The flaw allowed threat actors with privileged access to steal secret machine keys and conduct remote code execution on ScreenConnect servers, potentially giving them access to customer environments. The company has implemented enhanced monitoring and security measures but has not confirmed the extent of the breach or the specifics of the malicious activity observed.
TPRM report: https://scoringcyber.rankiteo.com/company/connectwise
"id": "con454052925",
"linkid": "connectwise",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'IT Management',
'name': 'ScreenConnect customers',
'size': 'Very small number of customers',
'type': 'Companies using ScreenConnect'}],
'attack_vector': 'Vulnerability Exploitation',
'date_detected': 'May 2025',
'description': 'A suspected state-sponsored cyberattack breached '
"ConnectWise's environment, impacting a limited number of "
'ScreenConnect customers. The breach was tied to the '
'CVE-2025-3935 vulnerability, a high-severity ViewState code '
'injection bug caused by unsafe deserialization of ASP.NET '
'ViewState.',
'impact': {'systems_affected': 'ScreenConnect cloud-hosted instances'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Vulnerability in ScreenConnect '
'(CVE-2025-3935)'},
'references': [{'source': 'CRN'}, {'source': 'BleepingComputer'}],
'response': {'communication_strategy': 'Contacted all affected customers',
'enhanced_monitoring': 'Implemented enhanced monitoring and '
'hardened the security across its network',
'law_enforcement_notified': True,
'third_party_assistance': 'Mandiant (forensic experts)'},
'threat_actor': 'Suspected nation state actor',
'title': "Suspected State-Sponsored Cyberattack on ConnectWise's "
'ScreenConnect',
'type': 'Cyberattack',
'vulnerability_exploited': 'CVE-2025-3935'}