ConnectWise DDoS Attack Claimed by 313 Team

313 Team claims to have carried out a DDoS attack against ConnectWise, an American company that provides IT management software and services to managed service providers and IT teams across the industry. The group posted a screenshot showing connectwise.com returning an ERR_CONNECTION_CLOSED message and stated the disruption was scheduled to continue for two hours. ConnectWise has not publicly confirmed that 313 Team was behind any website disruption, and no matching public incident notice for the main site was visible in the company’s status materials when this was written.

ConnectWise is not a company most people outside of IT would immediately recognize, but inside the managed service provider world it is a well known name. Its platform covers PSA, RMM, remote support, ticketing, automation, billing, backup, and endpoint management, basically the kind of tooling that IT businesses depend on to keep their own operations running. That is what makes this target interesting. ConnectWise is not a consumer platform. It is infrastructure for other businesses. When a company like that takes a website hit, the people paying the most attention are the IT providers and MSPs that use it every day.

313 Team posted the claim publicly alongside the screenshot, and ConnectWise has not responded to it publicly by name. The sequence is straightforward enough. The site went down. 313 Team said they did it. Third-party tracking later showed connectwise.com coming back online after user-submitted outage reports on April 21.

It is also worth noting that ConnectWise was already dealing with a separate Automate cloud Solution Center connectivity issue that had been running since April 15 and moved to monitoring on April 17. So this was not exactly a quiet week for the company before the 313 Team claim even surfaced.

This is an availability story, not a breach story. Nothing here points to data being accessed or stolen. The claim is specifically about taking the site down, and based on the screenshot and the outage reports, that appears to be what happened, at least temporarily. Some people tend to wave off DDoS as not serious because it is just downtime, but that is a lot easier to say when it is not your platform. For a company that sells reliability and uptime as core parts of its value to IT businesses, a public website outage is not nothing.

ConnectWise is visible enough in its space that a claim against it travels fast among the people most likely to care about it. The site came back up, but the claim was already out there long before that happened.