Cyber Research Unit (CRU)

Threat Hunting and Threat Intelligence for TSPs and MSPs

Meet the team dedicated to decoding the mysteries of cybersecurity

Who we are

The ConnectWise CRU (Cyber Research Unit) is comprised of seasoned cyber professionals with deep engineering, IT administration, security operations, and incident analysis and response expertise. Leveraging years of real-world, hard knocks experience, the CRU team is dedicated to expanding the industry's collective understanding of today’s threat landscape. Armed with this intelligence, we seek to help defenders improve their defense-in-depth and keep critical assets safe.

All about the CRU

Security Content

All the latest in security news. The CRU identifies new vulnerabilities, researches them, and shares what they find with all to see.


The CRU has developed automated tools to perform basic analysis on security incidents to help automatically make decisions on escalation and remediation. 


With “research” in the name, it only makes sense that research is involved. They dig deep into automated and manual malware analysis, vulnerabilities, and more.


The CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from the Perch platform to help create content and complete research.

Threat Hunting

With the CRU, cyber threat hunting involves building visualizations to highlight abnormal activity, searching through data for new indicators of compromise (IoCs), or testing various queries and reviewing the results.


The CRU is a big fan of hosting CTFs, and for good reason. From their eyes, cybersecurity capture the flag events are a great way to dip your toes into cybersecurity or build upon expert skills.

Threat Report

View All >>
Threat Report
Cyberthreats are advancing—are you staying a step ahead?
Stay up to date with cyberthreats and strengthen your defenses with expert insights and guidance from the 2024 Q1 Quarterly MSP Threat Report.
security general icon
Threat Report
New Exchange Exploits Exploited in the Wild
News came out this week regarding a new method of exploiting Exchange that will bypass Microsoft’s recommended mitigations for ProxyNotShell.
security general icon
Threat Report
Patch Tuesday – December 2022
Latest security patches from Microsoft for December 2022
security general icon
Threat Report
Patch Tuesday – November 2022
Latest security patches from Microsoft for November 2022
security general icon
bearded male it technician working on laptop in front of server racks
ConnectWise Cyber Research Unit Threat Feeds

This repository contains lists of threat intelligence discovered by the CRU.


View the CRU threat feed >>
2024 MSP Threat Report

This report is purpose-built to give MSPs a deeper understanding of the threat landscape as it stood throughout 2023.

Download the report >>