When we first reported on the SolarWinds attack in December 2020, we said it was just the tip of the iceberg; a month later, organizations around the globe can see what lies beneath. Malwarebytes, a U.S.-based cybersecurity firm, has reportedly been breached by the same nation-state actor behind the SolarWinds cyberattack.
In an official release, Marcin Kleczynski, CEO of Malwarebytes, stated that although the same threat actors were involved in this breach, it was not related to the SolarWinds supply chain attack. Instead, Kleczynski said that the intruders abused privileged access to Microsoft Office 365 and Azure environments to breach their network.
What was Hacked in the Incident?
The Malwarebytes security team received security notifications from the Microsoft Security Response Center (MSRC) on December 15, 2020, about suspicious activity involving one of its dormant Microsoft Office 365 apps. After comparing the attack vectors, the security team found them consistent with the tactics, techniques, and procedures (TTPs) of the threat actor involved in the SolarWinds attacks. From that day on, Malwarebytes’ researchers carried out an extensive investigation and found the following:
- Attackers breached Malwarebytes’ internal systems by exploiting a dormant email protection product within its Office 365 tenant.
- The attackers only gained access to a limited subset of internal company emails.
- No evidence of unauthorized access or compromise in any of the internal, on-premises, and production environments of their products has been found.
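As an added defensive check (not code from the article or from Malwarebytes), the following Python audits a constructed inventory of Office 365 / Azure AD app registrations for exactly the condition described above: an app that is dormant yet still holds app-only mail or directory permissions. The record fields, the sample inventory and the 90-day dormancy threshold are assumptions; a real run would populate the records from the tenant's app and sign-in data.

```python
from datetime import datetime, timedelta

# App-only (application) permissions that allow reading or sending mail, or
# changing the directory, with no user signed in. These are real Microsoft
# Graph / Exchange permission names; the set is a starting point, not complete.
HIGH_PRIVILEGE = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                  "full_access_as_app", "Directory.ReadWrite.All"}

def find_dormant_privileged_apps(apps, now, dormant_days=90):
    """Return (displayName, reason) for every app that holds a high-privilege
    app-only permission and has not authenticated within dormant_days.
    Each app is a dict (assumed shape) with displayName, appRoles (permission
    names), createdDateTime (ISO 8601) and lastSignIn (ISO 8601 or None)."""
    cutoff = now - timedelta(days=dormant_days)
    findings = []
    for app in apps:
        privileged = HIGH_PRIVILEGE & set(app.get("appRoles", []))
        if not privileged:
            continue                      # low-privilege apps are out of scope
        if app.get("lastSignIn") is None:
            # Never used at all: treat it as dormant since registration.
            since, how = datetime.fromisoformat(app["createdDateTime"]), "never used since"
        else:
            since, how = datetime.fromisoformat(app["lastSignIn"]), "last sign-in"
        if since <= cutoff:
            findings.append((app["displayName"],
                             f"{how} {since.date()}, holds {sorted(privileged)}"))
    return findings

# Constructed sample inventory (hypothetical tenant, not real data).
SAMPLE_APPS = [
    {"displayName": "LegacyMailFilter", "appRoles": ["Mail.ReadWrite", "User.Read.All"],
     "createdDateTime": "2018-03-01T00:00:00+00:00", "lastSignIn": "2019-06-10T08:00:00+00:00"},
    {"displayName": "HelpdeskBot", "appRoles": ["Mail.Send"],
     "createdDateTime": "2020-11-20T00:00:00+00:00", "lastSignIn": "2020-12-14T12:00:00+00:00"},
    {"displayName": "ProvisionTool", "appRoles": ["Directory.ReadWrite.All"],
     "createdDateTime": "2020-01-15T00:00:00+00:00", "lastSignIn": None},
    {"displayName": "ReportViewer", "appRoles": ["User.Read.All"],
     "createdDateTime": "2017-01-01T00:00:00+00:00", "lastSignIn": None},
]

def audit_sample(now_iso="2020-12-15T00:00:00+00:00", dormant_days=90):
    """Run the check over SAMPLE_APPS as of now_iso; returns the flagged names."""
    now = datetime.fromisoformat(now_iso)
    return [n for n, _ in find_dormant_privileged_apps(SAMPLE_APPS, now, dormant_days)]
```

Apps the check flags are candidates for removing the permission grant or deleting the registration; an app that is in use but over-privileged still needs a separate least-privilege review.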
Our Products are Safe!
The SolarWinds cyberattack is known to have infested networks with additional payloads like the SUNBURST and Raindrop malware, which can go undetected for months. Kleczynski therefore assured customers that a thorough internal audit was carried out to investigate the matter. The entire source code of all its products has been scanned, and he reassured customers, stating, “Our software remains safe to use.”
Kleczynski also took the opportunity to thank FireEye, CrowdStrike, and Microsoft, who shared their resources and all the information they had on the SolarWinds cyberattack for quicker mitigation. He reiterated the sentiment that many cybersecurity experts have been voicing for a long time: unite, collaborate, and fight the adversaries as one.