Malwarebytes assures its anti-malware users, however, that it has conducted an extensive investigation and determined that attackers have gained access to only a limited subset of the company’s internal emails. In examining its source code and reverse engineering its software, it found no evidence of unauthorized access. Malwarebytes emphasizes that it does not use Microsoft’s Azure cloud services and that its software remains safe to use.
The SolarWinds hack began in March, after attackers breached the company’s Orion network management tools. They used a vulnerability in that product to infiltrate the systems of SolarWinds customers, including Microsoft, DOJ and the United States Department of Energy and National Nuclear Security Administration. Representatives from the FBI, NSA and the Cyber Security and Infrastructure Agency recently issued a joint statement naming Russia as the most likely entity behind the hacks.