Malwarebytes says it was hacked by the same group that breached SolarWinds


American cybersecurity firm Malwarebytes said today that it was hacked by the same group that breached IT software company SolarWinds last year.

Malwarebytes said the intrusion is unrelated to the SolarWinds supply chain incident, since the company does not use any SolarWinds software on its internal network.


Instead, the security company said the hackers breached its internal systems by exploiting a weakness in Azure Active Directory and abusing malicious Office 365 applications.

Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15.

At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious applications created by the SolarWinds hackers, a group also known in cybersecurity circles as UNC2452 or Dark Halo.

Malwarebytes said that as soon as it learned of the breach, it started an internal investigation to determine what the hackers had accessed.

“After an extensive investigation, we determined that the attacker only gained access to a limited subset of internal company emails,” Marcin Kleczynski, Malwarebytes co-founder and current CEO, said today.

Malwarebytes products are not affected

Because the same threat actor breached SolarWinds and then poisoned the company’s software by inserting the Sunburst malware into some updates of the SolarWinds Orion application, Kleczynski said the company also performed a very thorough audit of all of its products and source code, looking for any signs of a similar compromise or of a prior supply chain attack.

“Our internal systems have shown no evidence of unauthorized access or compromise in any local and production environments.

“Our software remains safe to use,” added Kleczynski.

Following today’s disclosure, Malwarebytes becomes the fourth major security vendor targeted by the UNC2452 / Dark Halo threat actor, which US officials have linked to a Russian government cyber espionage operation.

Previously targeted companies include FireEye, Microsoft, and CrowdStrike.
