Malwarebytes 'remains safe to use' following attack from SolarWinds threat actor


What you need to know

  • Malwarebytes was attacked by the same threat actor behind the SolarWinds attack.
  • The company does not use SolarWinds but was attacked by the same threat actor that was behind the SolarWinds attack.
  • The attack abused applications with privileged access to Microsoft Office 365.

Malwarebytes recently shared that it was attacked by the same group that was behind the SolarWinds attack that occurred last year. Malwarebytes does not use SolarWinds but explains that it was attacked by the threat actor behind the famous attack. The attack on Malwarebytes abused applications with privileged access to Microsoft Office 365 environments.

Malwarebytes explains that the attacker "only gained access to a limited subset of internal company emails" and that it "found no evidence of unauthorized access or compromise in any of [its] internal on-premises and production environments."

The Microsoft Security Response Center shared information about the attack on December 15. Malwarebytes was informed of suspicious activity that was consistent with methods used in the SolarWinds attack.

After being informed of the attack, Malwarebytes activated its incident response group and worked with Microsoft's Detection and Response Team to investigate. According to its investigation, the attack leveraged a dormant email protection product within the Malwarebytes Office 365 tenant.

"Our software remains safe to use," says Malwarebytes co-founder and CEO Marcin Kleczynski in the post detailing the attack. Kleczynski explains that Malwarebytes looked at its source code, build and delivery processes, and reverse engineered its own software to make sure that it's still safe to use. The company's systems "showed no evidence of unauthorized access or compromise in any on-premises and production environments," according to Kleczynski.

The threat actors behind the SolarWinds attacks have gone after several large tech companies, including Microsoft. The U.S. government accuses the Russian government of orchestrating the SolarWinds attack (via ZDNet).

Sean Endicott
News Writer and apps editor
