Malwarebytes suffered from hackers that arranged SolarWinds attack

Malwarebytes cybersecurity company representatives said that although the company did not use SolarWinds products, it suffered from the same attackers who launched the SolarWinds attack. Cybercriminals managed to gain access to internal Malwarebytes emails.

Thus, the list of companies affected by hackers who compromised SolarWinds continues to grow.

Let me remind you that the attack on SolarWinds is attributed to a Russian-speaking hack group that information security experts track under the names StellarParticle (CrowdStrike), UNC2452 (FireEye) and Dark Halo (Volexity). Russian government hackers also attacked FireEye, the largest provider of information security solutions.

In a statement, Malwarebytes emphasizes that the incident is not related to the recent SolarWinds supply chain attack and hack. However, the same attackers hacked into Malwarebytes’ internal systems using a dormant security product in the Office 365 email client. The experts say that the attackers used an old vulnerability in Azure Active Directory to attack and ended up making API calls to retrieve emails via MSGraph.

“Despite the fact that Malwarebytes does not use SolarWinds products, we, like many other companies, were recently attacked by the same attacker. We can confirm the existence of another attack vector that abuses applications with privileged access to Microsoft Office 365 and Azure environments”, — the company said.

The attack was detected on December 15, 2020, and Malwarebytes learned about the incident from Microsoft specialists, who noticed suspicious activity emanating from a dormant security application. The fact is that then it became known about the compromise of SolarWinds, and Microsoft checked its infrastructure (including Office 365 and Azure) in search of traces of malicious applications created by hackers who compromised SolarWinds.

After the hack was discovered, Malwarebytes conducted an internal review and reported:

“After careful investigation, we determined that the attacker only gained access to a limited number of internal company emails.”

As in the case of SolarWinds attackers injected malware into one of the affected company’s products (the Orion platform, designed for centralized monitoring and management, was provided with a malicious update), Malwarebytes representatives emphasize that a thorough audit of all products and their source code was carried out, but during these checks was not discovered any evidence of unauthorized access or hack.

It is reported that the company’s software is safe and can be used further.

Let me remind you that the US Department of Justice suffered from attack on SolarWinds.