- ConnectWise informed customers of a state-sponsored attack
- A “small number” of ScreenConnect customers have been affected
- The company has activated its incident response plan and called in third-party experts
ConnectWise revealed that it recently suffered a cyberattack, probably at the hands of a “sophisticated nation-state actor”.
In a short announcement published on its website, the company said it recently learned of “suspicious activity” in its environment, which affected a “very small number” of ScreenConnect customers.
“We have launched an investigation with one of the leading forensic experts, Mandiant,” said the announcement. “We contacted all the customers affected and coordinated with the police. As part of our work with Mandiant, we have implemented enhanced monitoring and hardening measures in our environment.”
Multiple attacks
Apart from that, details are scarce. We do not know which threat actor it is, how they managed to infiltrate ScreenConnect's infrastructure, how long they remained there, or what they were looking for.
We also do not know how many customers have been affected or which industries they operate in.
ScreenConnect said that no further activity has been observed “in any customer instances”.
“The security of our services is essential for us, and we closely monitor the situation and share additional information as we can.”
In this context, The Hacker News reported that the company had patched two security flaws in 2024, which were exploited “by cybercrime and nation-state actors”, including those from China, North Korea and Russia.
The two vulnerabilities are tracked as CVE-2024-1708 and CVE-2024-1709. It also said that the company has fixed a high-severity vulnerability in ScreenConnect 25.2.3 and earlier, which could be exploited for ViewState code injection attacks using publicly disclosed ASP.NET machine keys. It does not specifically indicate that criminals have used these flaws in attacks.
As a popular remote assistance and access solution, ScreenConnect is widely adopted by managed service providers (MSPs), internal IT teams and technology resellers.
Via The Hacker News