ConnectWise, a prominent provider of remote access and support software, has announced that it was targeted in a cyber attack believed to have been carried out by a nation-state threat actor. The company disclosed this information in a brief advisory issued on May 28, 2025, emphasizing that the incident affected a very small number of its ScreenConnect customers. The exact number of customers impacted, as well as the timeline of the attack and the identity of the threat actor, remain undisclosed.
To investigate the incident thoroughly, ConnectWise has engaged the expertise of Google Mandiant for a forensic analysis. The company has also promptly notified all customers who may have been affected by the breach. The details surrounding the cyber attack were initially reported by CRN following ConnectWise’s advisory.
In late April 2025, the company had already patched a high-severity vulnerability (CVE-2025-3935) affecting ScreenConnect versions 25.2.3 and earlier that could have allowed code injection attacks, as noted in a prior advisory. The fix shipped in ScreenConnect version 25.2.4. It is currently uncertain whether the recent cyber attack is linked to this earlier reported vulnerability.
To enhance security measures, ConnectWise has implemented stronger monitoring and hardening processes across its infrastructure to mitigate future risks. In a statement, the company noted, “We have not observed any further suspicious activity in any customer instances,” signaling that it remains vigilant in monitoring the situation. The ongoing security of its customers is a top priority as the investigation unfolds.
It is noteworthy that in early 2024, security flaws within ConnectWise’s ScreenConnect software had previously been exploited by threat actors from various nation-states, including those from China, North Korea, and Russia. These incidents underscored the vulnerabilities associated with remote access tools and the continuous threat posed by sophisticated cyber attackers.