Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Malwarebytes Targeted by SolarWinds Hackers

Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack.

Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack.

Malwarebytes says it has not used any SolarWinds products, but its investigation revealed that the threat actor gained access to some of its systems by abusing applications with privileged access to Microsoft 365 and Azure environments.

“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments,” said Marcin Kleczynski, CEO and co-founder of Malwarebytes.

According to Kleczynski, his company discovered the breach after being notified by Microsoft on December 15 about suspicious activity possibly conducted by the SolarWinds hackers. An investigation conducted with assistance from Microsoft revealed that the attackers abused a dormant email protection product within the company’s Microsoft 365 tenant, which gave them access to “a limited subset of internal company emails.”

Malwarebytes does not use Azure in its production environment and a thorough analysis of its source code and build and delivery processes uncovered no evidence of compromise. “Our software remains safe to use,” Kleczynski said.

Continuous Updates: Everything You Need to Know About the SolarWinds Attack

FireEye on Tuesday released a detailed white paper on the techniques and tactics used by the SolarWinds hackers to target Microsoft 365 environments. The paper offers remediation guidance to targeted organizations, hardening guidance for those not impacted, as well as detection guidance.

The cybersecurity firm also released an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with the SolarWinds hackers. Similar tools were also made available recently by CISA and CrowdStrike.

Earlier this month, email security company Mimecast revealed that a sophisticated threat actor had obtained a certificate provided to certain customers, and some have speculated that the incident may be related to the SolarWinds breach.

Cybersecurity researchers continue to analyze the tools and tactics used by the SolarWinds hackers. Symantec on Tuesday reported spotting yet another piece of malware used by the threat actor, namely a loader named Raindrop, which has been used for lateral movement and for deploying additional payloads.

Related: SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Related: SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...