Cybersecurity firm Malwarebytes has disclosed that it was targeted by the same group of hackers behind the breach of IT software company SolarWinds.
The firm said it doesn’t use SolarWinds’ IT software, through which hackers were able to break into the systems of companies including FireEye, Microsoft, and CrowdStrike. Instead, Malwarebytes said it was infiltrated using another intrusion vector.
The bad actors were able to breach the firm’s internal systems by exploiting a dormant email protection product within its Office 365 tenant, the company said.
“We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments,” wrote Marcin Kleczynski, Malwarebytes co-founder and current CEO.
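The vector Kleczynski describes is an application identity, not a user: a registered app that nobody uses any more but that still holds tenant-wide permissions. The following is an added example (not code from Malwarebytes or Microsoft) of the kind of audit a defender would run to find that pattern. It operates offline on a constructed JSON export whose field names (`displayName`, `appId`, `appRoles`, `lastSignInAt`) are assumptions made for the demo rather than a real Microsoft Graph schema; the permission names in `PRIVILEGED_APP_ROLES` are real Graph and Exchange Online application permissions.

```python
"""Flag service principals that hold privileged application permissions but look
dormant (no sign-in for a long time, or never). Constructed demo data; the JSON
field names are assumptions for this example, not the Microsoft Graph schema."""

import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Application-level permissions that give tenant-wide mailbox or directory access.
# These are real Microsoft Graph / Exchange Online app role names.
PRIVILEGED_APP_ROLES = {
    "Mail.Read",
    "Mail.ReadWrite",
    "full_access_as_app",
    "Directory.ReadWrite.All",
    "Application.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
}

# An app with no sign-in for this long is treated as dormant.
DORMANT_AFTER = timedelta(days=90)

# Constructed sample export (not real tenant data; appIds are placeholders).
SAMPLE_EXPORT = """[
  {"displayName": "Legacy Mail Filter",
   "appId": "11111111-1111-1111-1111-111111111111",
   "appRoles": ["Mail.ReadWrite", "User.Read.All"],
   "lastSignInAt": "2020-06-01T00:00:00Z"},
  {"displayName": "Ticketing Connector",
   "appId": "22222222-2222-2222-2222-222222222222",
   "appRoles": ["Mail.Read"],
   "lastSignInAt": "2021-01-10T00:00:00Z"},
  {"displayName": "Old Reporting Job",
   "appId": "33333333-3333-3333-3333-333333333333",
   "appRoles": ["User.Read.All"],
   "lastSignInAt": null},
  {"displayName": "Abandoned Admin Tool",
   "appId": "44444444-4444-4444-4444-444444444444",
   "appRoles": ["Directory.ReadWrite.All"],
   "lastSignInAt": null}
]"""


@dataclass
class Finding:
    display_name: str
    app_id: str
    privileged_roles: List[str]
    days_since_sign_in: Optional[int]  # None means the app has never signed in


def parse_timestamp(value: Optional[str]) -> Optional[datetime]:
    """Parse an ISO-8601 UTC timestamp ('Z' suffix) or return None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_dormant_privileged(export_json: str, now: datetime) -> List[Finding]:
    """Return apps that hold a privileged app role and are dormant as of `now`."""
    findings = []
    for sp in json.loads(export_json):
        privileged = sorted(set(sp.get("appRoles", [])) & PRIVILEGED_APP_ROLES)
        if not privileged:
            continue  # low-privilege apps are out of scope for this check
        last = parse_timestamp(sp.get("lastSignInAt"))
        if last is None:
            days = None  # never used: dormant by definition
        else:
            days = (now - last).days
            if days < DORMANT_AFTER.days:
                continue  # recently active, not dormant
        findings.append(Finding(sp["displayName"], sp["appId"], privileged, days))
    return findings


if __name__ == "__main__":
    # Evaluate the sample as of the date of the disclosure discussed above.
    as_of = datetime(2021, 1, 19, tzinfo=timezone.utc)
    for f in find_dormant_privileged(SAMPLE_EXPORT, as_of):
        age = "never signed in" if f.days_since_sign_in is None \
            else f"{f.days_since_sign_in} days since last sign-in"
        print(f"{f.display_name} ({f.app_id}): {', '.join(f.privileged_roles)}; {age}")
```

Each finding is a candidate for removal or, if the app is still needed, for scoping its permissions down and rotating its credentials; the same list is what a monitoring rule would watch, since a sign-in from an app that has been silent for months is exactly the anomaly the text says Microsoft noticed.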
Malwarebytes products ‘remain safe to use’
Malwarebytes said it found out about the intrusion on December 15, after the Microsoft Security Response Center detected suspicious activity in the dormant Office 365 app. The activity was “consistent with the tactics, techniques and procedures” deployed by the hackers who carried out the SolarWinds attacks.
After learning of the breach, the company said it quickly launched an internal investigation to determine what the hackers had been able to access. Malwarebytes said its anti-malware users can be assured that its software remains safe to use, since the software itself does not use Microsoft’s Azure cloud services.
“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails,” Kleczynski said. “We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
Malwarebytes’ announcement that it was targeted by the SolarWinds attackers brings the total number of affected security vendors to four. The group of threat actors previously targeted FireEye, Microsoft, and CrowdStrike in what is believed to have been an attempt to gather intelligence.
Officials from the FBI, NSA, and Cybersecurity and Infrastructure Security Agency (CISA) recently put out a joint statement naming the Russian government as the most likely culprit behind the cyber-espionage attacks.