Malwarebytes, the popular cybersecurity services company, has confirmed that it has suffered a cyberattack by the same threat actors that caused the security incidents stemming from the SolarWinds software.
On 15th of December, Microsoft's Security Response Centre alerted Malwarebytes to suspicious activity in a third party application within its Microsoft Office 365 product, whereby the attacker gained access to a limited subset of internal emails. The application corresponds to an inactive email protection product.
In response, the company launched an investigation by its Incident Response Team and Microsoft's Detection and Response Team (DART), which has analysed cloud and local environments.
So far, the investigation concludes that no evidence has been found that any local or production environments have been compromised.
For its part, the company has also stated that its software product remains secure and that it does not use Azure’s cloud services in production environments.