-
EDR / MDRIdentify, contain, respond, and stop malicious activity on endpoints
-
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
-
Risk Assessment & Dark Web MonitoringIdentify and quantify unknown cyber risks and vulnerabilities
-
Cloud App SecurityMonitor and manage security risk for SaaS apps
-
SOC ServicesProvide 24/7 threat monitoring and response backed by ConnectWise SOC experts
-
Policy ManagementCreate, deploy, and manage client security policies and profiles
-
Incident Response ServiceOn-tap cyber experts to address critical security incidents
-
Cybersecurity GlossaryGuide to the most common, important terms in the industry
Cyber Research Unit (CRU)
Threat Hunting and Threat Intelligence for TSPs and MSPs
Meet the team dedicated to decoding the mysteries of cybersecurity
All about the CRU
Security Content
All the latest in security news. The CRU identifies new vulnerabilities, researches them, and shares what they find with all to see.
Automation
The CRU has developed automated tools to perform basic analysis on security incidents to help automatically make decisions on escalation and remediation.
Research
With “research” in the name, it only makes sense that research is involved. They dig deep into automated and manual malware analysis, vulnerabilities, and more.
Intelligence
The CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from the Perch platform to help create content and complete research.
Threat Hunting
With the CRU, cyber threat hunting involves building visualizations to highlight abnormal activity, searching through data for new indicators of compromise (IoCs), or testing various queries and reviewing the results.
CTFs
The CRU is a big fan of hosting CTFs, and for good reason. From their eyes, cybersecurity capture the flag events are a great way to dip your toes into cybersecurity or build upon expert skills.
Threat Report
View All >>Threat Report
Formbook and Remcos Backdoor RAT
CRU Senior Threat Researcher Stu Gonzalez breaks down a payload the CRU captured in one of our spam traps. This was a Formbook payload that then downloaded the Remcos backdoor RAT.
Cybersecurity
Threat Report
Initial Access Brokers
Successful cybercrime attacks often take groups of individuals working together. Some are extremely organized cybercrime syndicates such as the Conti group, but often individual criminals provide services to other criminals as vendors operating through a marketplace. Ransomware-as-a-Service (RaaS) or Botnet-as-a-Service (BaaS) providers regularly advertise their services on forums such as Exploit or XSS and setup affiliate programs. One type of service that can be found within the cybercrime ecosystem is the initial access broker (IAB).
Cybersecurity
Threat Report
Follina - A New Microsoft Office 0-day RCE
Follina is a new remote code execution 0-day vulnerability in Microsft Office products.
Cybersecurity
Threat Report
Patch Tuesday - May 2022
A brief overview of the latest security patches released by Microsoft including patches for 74 vulnerabilities; 7 are critical (2 elevation of privilege and 5 remote code execution), 66 are important, and 1 is rated as low.
Cybersecurity

ConnectWise Cyber Research Unit Threat Feeds
This repository contains lists of threat intelligence discovered by the CRU using our internal sandbox built on top of the Perch platform or found while threat hunting. This data is threat intelligence the CRU has been collecting for years and using internally at ConnectWise for threat hunting and threat analysis assistance. We use this intelligence daily, searching for these indicators in our customer's network data to find new threats and filter out false positives. This feed is updated daily.
Who we are
The ConnectWise CRU (Cyber Research Unit) is comprised of seasoned cyber professionals with deep engineering, IT administration, security operations, and incident analysis and response expertise. Leveraging years of real-world, hard knocks experience, the CRU team is dedicated to expanding the industry's collective understanding of today’s threat landscape. Armed with this intelligence, we seek to help defenders improve their defense-in-depth and keep critical assets safe.

2022 MSP Threat Report
See what the CRU put together in the third edition of the MSP Threat Report. Get an eye-opening look at what MSPs faced in 2021 and predictions for 2022 and beyond.