- ConnectWise informed clients about a state-sponsored attack
- A “small number” of ScreenConnect customers were affected
- The company triggered its incident response plan and brought in third-party experts
ConnectWise has revealed that it recently suffered a cyber attack, probably at the hands of a “sophisticated nation-state actor.”
In a short message published on its website, the company said it recently learned about “suspicious activity” within its environment, which affected a “very small number” of ScreenConnect customers.
“We have launched a study with one of the leading forensic experts, Mandiant,” says the announcement. “We have contacted all affected customers and are coordinating with law enforcement. As part of our work with Mandiant, we implemented improved monitoring and curing measures across our environment.”
More attacks
Apart from that, details are scarce. We do not know which threat actor this is, how they managed to infiltrate ScreenConnect’s infrastructure, how long they stayed or what they were looking for.
We also do not know exactly how many customers were affected or which industries they operate in.
ScreenConnect said no additional activity was observed “in any customer body”.
“The security of our services is important to us and we closely monitor the situation and will share additional information that we are capable of.”
In this context, The Hacker News reported that the company patched two security flaws in 2024, which were used “by both cybercrime and the nation-state threat actors”, including those from China, North Korea and Russia.
The two vulnerabilities are tracked as CVE-2024-1708 and CVE-2024-1709. It also said that the company had a high-severity vulnerability in ScreenConnect versions 25.2.3 and earlier, which could be exploited for ViewState code injection attacks using publicly disclosed ASP.NET machine keys. It does not specifically identify the attackers who used these flaws in the attacks.
As a popular remote support and access solution, ScreenConnect is widely adopted by managed service providers (MSPs), internal IT teams and technology dealers.
Via The Hacker News



