Nation-State Hackers Target Remote Software Vendor ConnectWise

A state-sponsored hacking group has infiltrated ConnectWise, a vendor that supplies remote access software widely used in corporate IT management. 

Florida-based ConnectWise warned about the breach this week, saying it “recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor.” The hack “affected a very small number” of customers for ScreenConnect, a remote access tool that IT support technicians use to troubleshoot employees’ computers, ConnectWise says. 

Despite the small number of victims, the incident raises alarm bells since ConnectWise often sells services to so-called “managed service providers (MSPs),” which companies hire to help manage their IT and computer systems. As a result, it’s possible the hackers breached ConnectWise to infiltrate MSPs and gain access to even more companies.

BleepingComputer also reports that the breach initially occurred almost a year ago, in August 2024. In addition, cybersecurity researchers suspect the hack is tied to a ScreenConnect “high” vulnerability called CVE-2025-3935, which can pave the way for a hacker to execute malicious computer code on a web server. ConnectWise only patched the flaw last month. 

“ScreenConnect vulnerabilities have previously been exploited by the Black Basta ransomware operation and North Korea-attributed nation-state group, Kimsuky,” security vendor Black Point Cyber said in its own alert. 

ConnectWise didn’t immediately respond to a request for comment, so it’s unclear if the CVE-2025-3935 vulnerability was involved in the breach. The company has provided few details about the hack, but says it hired Google’s cybersecurity unit Mandiant to investigate the breach. 

“We have contacted all affected customers and are coordinating with law enforcement,” the company’s alert says. “As part of our work with Mandiant, we implemented enhanced monitoring and hardening measures across our environment. We have not observed any further suspicious activity in any customer instances.”

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.
