Malwarebytes said it was hacked by the same group who breached SolarWinds

by | Jan 20, 2021

malwarebytes solarwinds attack

Post Views: 1,878

style="display:block" data-ad-client="ca-pub-6620833063853657" data-ad-slot="8337846400" data-ad-format="auto" data-full-width-responsive="true">
 
 
 

 

 

Reading Time: 1 Minute

 

Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.

 

 

 

 

 

US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year.

Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn’t use any of SolarWinds software in its internal network.

Instead, the security firm said the hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.

 
 
See Also: Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

 

Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15, which detected suspicious activity coming from the dormant Office 365 security app.

At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo.

Malwarebytes said that once it learned of the breach, it began an internal investigation to determine what hackers accessed.

 

 

See Also: Offensive Security Tool: Shad0w

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

MALWAREBYTES PRODUCTS ARE NOT AFFECTED

 

Since the same threat actor breached SolarWinds and then moved to poison the company’s software by inserting the Sunburst malware into some updates for the SolarWinds Orion app, Kleczynski said they also performed a very thorough audit of all its products and their source code, searching for any signs of a similar compromise or past supply chain attack.

“Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments.

“Our software remains safe to use,” Kleczynski added.

After today’s disclosure, Malwarebytes becomes the fourth major security vendor targeted by the UNC2452/Dark Halo threat actor, which US officials have linked to a Russian government cyber-espionage operation.

Previously targeted companies include FireEyeMicrosoft, and CrowdStrike.

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

See Also:SolarWinds Supply Chain Hack – The hack that shone a light on the gaps in the cybersecurity of governments and big companies

 

 

 

Source: www.zdnet.com

 

 
(Click Link)

 

 

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This