Malwarebytes hacked by state actors behind SolarWinds attack
Cybersecurity company Malwarebytes said on Tuesday that some of its emails were breached by the same hackers who used the software company SolarWinds to hack into a series of U.S. government agencies.
In a statement, the Santa Clara, California-based company said that while it did not use software made by SolarWinds, the company at the center of the breach, it had been successfully targeted by the same hackers who were able to sneak into its Microsoft Office 365 and Microsoft Azure environments.
Malwarebytes said the hack gave the spies access to "a limited subset of internal company emails." But it found no evidence of unauthorized access or compromise of its production environments - which could have had a potentially catastrophic impact because the company's security products are used by millions of people.
"Our software remains safe to use," the company's statement said.
The disclosure was the latest in a series of announcements by digital security firms that they were either compromised or targeted by the hackers, who the U.S. government has judged to be "likely Russian in origin."
Suspected since December 15
Malwarebytes claims that on December 15, 2020, it received information from the Microsoft Security Response Center about suspicious activity from a dormant email protection product in the company’s Microsoft Office 365 tenant. The activity seems to be consistent with the techniques used by the SolarWinds nation-state actor.
The anti-malware security company said it immediately activated its incident response group for an extensive investigation, which found that the attack affected “a limited subset of internal company emails.”
Malwarebytes claims that their product is not affected: “We do not use Azure cloud services in our production environments.”
The growing impact of the SolarWinds attackers
Malwarebytes claims that the SolarWinds attackers are also targeting administrative and service credentials, and not only the SolarWinds supply chain. This implies that they used additional means that “compromise high-value targets by exploiting administrative or service credentials.”
In a message posted to Twitter, Malwarebytes' Chief Executive Marcin Kleczynski said the hacking campaign "is much broader than SolarWinds and I expect more companies will come forward soon."
The SolarWinds hackers have previously been accused of stealing hacking tools from cybersecurity firm FireEye, accessing an unspecified number of source code repositories at Microsoft and hijacking digital certificates used by email defense firm Mimecast.
Cybersecurity firm CrowdStrike said late last month that it too had recently discovered an unsuccessful attempt to steal its emails. The company did not identify the hackers involved but two people familiar with its said they were the same suspected Russian hackers accused of breaching SolarWinds.
Russia has denied any involvement in the hacking spree.
Additional reporting by Reuters.