Security Experts:

Connect with us

Hi, what are you looking for?



Malwarebytes Targeted by SolarWinds Hackers

Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack.

Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack.

Malwarebytes says it has not used any SolarWinds products, but its investigation revealed that the threat actor gained access to some of its systems by abusing applications with privileged access to Microsoft 365 and Azure environments.

“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments,” said Marcin Kleczynski, CEO and co-founder of Malwarebytes.

According to Kleczynski, his company discovered the breach after being notified by Microsoft on December 15 about suspicious activity possibly conducted by the SolarWinds hackers. An investigation conducted with assistance from Microsoft revealed that the attackers abused a dormant email protection product within the company’s Microsoft 365 tenant, which gave them access to “a limited subset of internal company emails.”

Malwarebytes does not use Azure in its production environment and a thorough analysis of its source code and build and delivery processes uncovered no evidence of compromise. “Our software remains safe to use,” Kleczynski said.

Continuous Updates: Everything You Need to Know About the SolarWinds Attack

FireEye on Tuesday released a detailed white paper on the techniques and tactics used by the SolarWinds hackers to target Microsoft 365 environments. The paper offers remediation guidance to targeted organizations, hardening guidance for those not impacted, as well as detection guidance.

The cybersecurity firm also released an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with the SolarWinds hackers. Similar tools were also made available recently by CISA and CrowdStrike.

Earlier this month, email security company Mimecast revealed that a sophisticated threat actor had obtained a certificate provided to certain customers, and some have speculated that the incident may be related to the SolarWinds breach.

Cybersecurity researchers continue to analyze the tools and tactics used by the SolarWinds hackers. Symantec on Tuesday reported spotting yet another piece of malware used by the threat actor, namely a loader named Raindrop, which has been used for lateral movement and for deploying additional payloads.

Related: SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Related: SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.