What you need to know
- Malwarebytes was attacked by the same threat actor behind the SolarWinds attack.
- The company does not use SolarWinds software, so the intrusion did not come through the SolarWinds supply chain.
- The attack abused applications with privileged access to Microsoft Office 365.
Malwarebytes recently disclosed that it was attacked by the same group that carried out last year's SolarWinds attack. Malwarebytes does not use SolarWinds software, so the intrusion did not arrive through that supply chain; instead, the attacker abused applications with privileged access to the company's Microsoft Office 365 environment.
Malwarebytes explains that the attacker "only gained access to a limited subset of internal company emails" and that it "found no evidence of unauthorized access or compromise in any of [its] internal on-premises and production environments."
The Microsoft Security Response Center notified Malwarebytes of the attack on December 15, flagging suspicious activity in its Office 365 tenant that was consistent with the methods used in the SolarWinds attack.
After being informed, Malwarebytes activated its incident response group and worked with Microsoft's Detection and Response Team (DART) to investigate. According to that investigation, the attacker leveraged a dormant email protection product within the Malwarebytes Office 365 tenant, which is what gave it access to the limited subset of internal email.
"Our software remains safe to use," says Malwarebytes co-founder and CEO Marcin Kleczynski in the post detailing the attack. Kleczynski explains that Malwarebytes looked at its source code, build and delivery processes, and reverse engineered its own software to make sure that it's still safe to use. The company's systems "showed no evidence of unauthorized access or compromise in any on-premises and production environments," according to Kleczynski.
The threat actor behind the SolarWinds attack has gone after several large tech companies, including Microsoft. The U.S. government has accused the Russian government of orchestrating the SolarWinds attack (via ZDNet).