According to Malwarebytes, SolarWinds hackers accessed its internal email communication.
The internet security software developer Malwarebytes announced on Tuesday that it suffered a security breach after SolarWinds hackers accessed the company’s internal email communication.
The announcement makes Malwarebytes the third major cybersecurity firm targeted by the SolarWinds hackers. FireEye and Microsoft were major firms that acknowledged being victims of a separate attack, called the “SolarWinds supply chain attack”, carried out by the same hackers in December 2020.
In FireEye’s case, the SolarWinds hackers stole certain “red team tools” which are used by the firm to test the security systems of its clients.
In Microsoft’s case, the company revealed that hackers viewed its source code “in a number of source code repositories.” However, the hacked account used to access the source code didn’t offer permission to modify the code or systems.
As for Malwarebytes, the breach was not part of the SolarWinds supply chain attack but a result of a different attack in which the same threat actors were “abusing applications with privileged access to Microsoft Office 365 and Azure environments.”
The breach was identified on December 15th, 2020, but its details have only now been revealed to the public. In a blog post, Malwarebytes’ CEO Marcin Kleczynski said that:
“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor.” […] “We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
Kleczynski further states that, after investigating the attack, the company has found no evidence of “unauthorized access or compromise in any of our internal on-premises and production environments.”
If you are using the Malwarebytes anti-malware solution or another product offered by the company, it’s safe to do so.
It is worth noting that the SolarWinds breach took place last year; 250 organizations in the United States, including top government agencies such as the Department of Homeland Security and private businesses, were targeted.
On December 13th, 2020, SolarWinds announced that it had been hacked and that its software channel had been compromised to put out malicious updates to approx. 18,000 of its Orion platform users, referring to an ongoing supply chain attack.
What followed was an extensive espionage campaign involving dozens of government institutions and businesses within the US and in other parts of the world. SolarWinds’ Orion Platform software secretly dispensed malware to spy on the users and extract documents containing sensitive data.
According to the Cybersecurity and Infrastructure Security Agency (CISA), UNC2452, aka the Dark Halo group, backed by the Russian government, is behind the attack.