Malwarebytes, another victim of SolarWinds security incident perpetrators
Malwarebytes, the popular cybersecurity services company, has confirmed that it has suffered a cyberattack by the same threat actors that caused the security incidents stemming from the SolarWinds software.
On 15th of December, Microsoft's Security Response Centre alerted Malwarebytes to suspicious activity in a third party application within its Microsoft Office 365 product, whereby the attacker gained access to a limited subset of internal emails. The application corresponds to an inactive email protection product.
In response, the company launched an investigation by its Incident Response Team and Microsoft's Detection and Response Team (DART), which has analysed cloud and local environments.
So far, the investigation concludes that no evidence has been found that any local or production environments have been compromised.
For its part, the company has also stated that its software product remains secure and that it does not use Azure’s cloud services in production environments.
References:
- 19/01/2021 blog.malwarebytes.com Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
- 19/01/2021 bleepingcomputer.com Malwarebytes says SolarWinds hackers accessed its internal emails
- 20/01/2021 infosecurity-magazine.com Malwarebytes: SolarWinds Hackers Read Our Emails
- 24/01/2021 unaaldia.hispasec.com Los hackers de SolarWinds también atacaron Malwarebytes