ConnectWise did not disclose information about when the data breach occurred, as well as the number of MSPs or end users impacted by the breach.

‘ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers,’ ConnectWise said in a statement.

ConnectWise has confirmed it suffered a recent cyberattack that led to unauthorized access of its ScreenConnect cloud infrastructure.

“ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers,” the Tampa, Fla.-based vendor said in a statement. “We have launched an investigation with one of the leading forensic experts, Mandiant. We have communicated with all affected customers and are coordinating with law enforcement. As part of our work with Mandiant, we patched ScreenConnect and implemented enhanced monitoring and hardening measures across our environment. We have not observed any further suspicious activity in any customer instances. The security of our services is paramount to us, and we are closely monitoring the situation and will share additional information as we are able.”

No further signs of malicious activity have been detected since the update was applied, a source familiar with the situation, who asked for anonymity, told CRN.

An analysis of the recent ConnectWise ScreenConnect authentication bypass vulnerability, root cause, and indicators of compromise.