ConnectWise Discloses Suspected State-Sponsored Hack

The IT software provider says ScreenConnect users were impacted by the attack, which exploited a high-severity ASP.NET vulnerability.

IT management software provider ConnectWise has warned customers that a suspected state-sponsored threat actor had breached its network.

“ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers,” the company said in a scarce advisory.

The Florida-based company says it has notified all impacted customers and that it is investigating the incident together with Mandiant. Law enforcement has been notified as well.

“As part of our work with Mandiant, we implemented enhanced monitoring and hardening measures across our environment. We have not observed any further suspicious activity in any customer instances,” the company said.

“We are closely monitoring the situation and will share additional information as we are able,” ConnectWise said, responding ...