ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers.
ConnectWise confirmed the cyberattack, launched an investigation with cybersecurity firm Mandiant, patched the flaw in ScreenConnect, and implemented enhanced security measures.
The breach possibly occurred in August 2024 and went unnoticed until May 2025. The ScreenConnect flaw (CVE-2025-3935) may have allowed remote code execution via stolen machine keys.
In early 2024, threat actors, including the Black Basta and Bl00dy ransomware groups, actively exploited the ScreenConnect vulnerabilities CVE-2024-1709 and CVE-2024-1708.