ConnectWise Hit by Advanced Cyberattack: Internal Data at Risk

ConnectWise, a leading provider of IT management and remote access software, has confirmed a cyberattack attributed to a sophisticated nation-state actor.

The breach, discovered in May 2025, impacted a limited number of customers using the company’s ScreenConnect cloud platform, a tool widely used for remote support and system maintenance.

ConnectWise responded by engaging forensic experts from Mandiant, alerting affected customers, and coordinating with law enforcement.

The company asserts that enhanced monitoring and security hardening have since been implemented, and no further suspicious activity has been detected in customer environments.

The attack is believed to have exploited a critical vulnerability in ScreenConnect, tracked as CVE-2025-3935.

This high-severity flaw, rated CVSS 8.1, allowed attackers with privileged system-level access to execute remote code via ViewState code injection, leveraging unsafe deserialization in the ASP.NET framework.

While ConnectWise has not publicly confirmed the exact method of exploitation, security researchers and community ...