Malwarebytes confirmed it was targeted by SolarWinds hackers

US cybersecurity firm Malwarebytes revealed it was targeted by the same threat actor who hacked IT software company SolarWinds last year.

Malwarebytes said the intrusion is not related to SolarWinds software but rather to another attack vector that involves abusing applications with privileged access to Microsoft Office 365 and Azure environments. An investigation into the incident revealed that the intruder only gained access to a limited subset of internal company emails; internal on-premises and production environments were not affected.

“We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks,” Malwarebytes CEO and co-founder Marcin Kleczynski said in a blog post.

The investigation showed that the hackers used a dormant email protection product within the company’s Office 365 tenant that allowed access to a limited subset of internal emails. The threat actor added a self-signed certificate with credentials to the service principal account. From there, they could authenticate using the key and make API calls to request emails via MSGraph.
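The technique described above leaves a trace in the Azure AD audit log: a credential is added to an existing service principal, and the principal in question is either dormant or holds Graph permissions that expose mailboxes. The following is an added example of a hunt over such records; it is not Malwarebytes’ or Microsoft’s tooling. The audit records, sign-in history and permission grants are constructed inline, and the field names are a simplified version of the Azure AD directoryAudit shape (an assumption, not a copy of the real schema).

```python
"""Hunt Azure AD audit records for credentials added to dormant or mail-capable service principals."""
import json
import re
from datetime import datetime, timedelta, timezone

# Reference time for the hunt (constructed; here the MSRC notification date).
NOW = datetime(2020, 12, 15, tzinfo=timezone.utc)

# Microsoft Graph application permissions that expose mailbox contents.
MAIL_PERMISSIONS = {"Mail.Read", "Mail.ReadWrite", "Mail.ReadBasic.All"}


def _key_description(sp_id, key_type, display):
    # Build one constructed audit record in a simplified directoryAudit shape.
    return {
        "activityDateTime": "2020-12-10T03:14:00Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"user": {"userPrincipalName": "it-admin@example.invalid"}},
        "targetResources": [{
            "id": sp_id,
            "displayName": display,
            "modifiedProperties": [{
                "displayName": "KeyDescription",
                # Assumption: newValue carries a JSON list of bracketed key descriptors.
                "newValue": json.dumps([f"[KeyType={key_type},KeyUsage=Verify,DisplayName=CN=cred]"]),
            }],
        }],
    }


# Constructed sample audit log: two certificate additions, one password, one unrelated update.
SAMPLE_AUDIT_LOG = [
    _key_description("sp-legacy-mailfilter", "AsymmetricX509Cert", "Legacy Mail Protection Connector"),
    _key_description("sp-build-bot", "Password", "Build Pipeline Bot"),
    {"activityDateTime": "2020-12-11T09:00:00Z", "activityDisplayName": "Update application",
     "targetResources": [{"id": "sp-crm-sync", "displayName": "CRM Sync", "modifiedProperties": []}]},
    _key_description("sp-crm-sync", "AsymmetricX509Cert", "CRM Sync"),
]

# Constructed last sign-in per service principal (None = never signed in).
SAMPLE_LAST_SIGNIN = {
    "sp-legacy-mailfilter": datetime(2020, 3, 1, tzinfo=timezone.utc),
    "sp-build-bot": datetime(2020, 12, 9, tzinfo=timezone.utc),
    "sp-crm-sync": datetime(2020, 12, 9, tzinfo=timezone.utc),
}

# Constructed application permission grants per service principal.
SAMPLE_APP_PERMISSIONS = {
    "sp-legacy-mailfilter": {"Mail.Read"},
    "sp-build-bot": {"User.Read"},
    "sp-crm-sync": {"Mail.ReadWrite", "User.Read.All"},
}


def _key_types(target):
    """Extract KeyType values from the KeyDescription modified property of a target."""
    types = []
    for prop in target.get("modifiedProperties", []):
        if prop.get("displayName") != "KeyDescription":
            continue
        for descriptor in json.loads(prop.get("newValue") or "[]"):
            match = re.search(r"KeyType=([A-Za-z0-9]+)", descriptor)
            if match:
                types.append(match.group(1))
    return types


def find_suspicious_credential_additions(audit_log, last_signin, app_permissions, now=NOW, dormant_days=90):
    """Return credential additions to service principals that are dormant or can read mail."""
    cutoff = now - timedelta(days=dormant_days)
    findings = []
    for record in audit_log:
        if record.get("activityDisplayName") != "Add service principal credentials":
            continue
        for target in record.get("targetResources", []):
            sp_id = target["id"]
            reasons = []
            last = last_signin.get(sp_id)
            if last is None or last < cutoff:
                reasons.append("dormant service principal")
            mail_perms = MAIL_PERMISSIONS & set(app_permissions.get(sp_id, ()))
            if mail_perms:
                reasons.append("mailbox permission: " + ", ".join(sorted(mail_perms)))
            if reasons:
                findings.append({
                    "sp_id": sp_id,
                    "display_name": target.get("displayName"),
                    "key_types": _key_types(target),
                    "added_at": record.get("activityDateTime"),
                    "initiated_by": record.get("initiatedBy", {}).get("user", {}).get("userPrincipalName"),
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_credential_additions(SAMPLE_AUDIT_LOG, SAMPLE_LAST_SIGNIN, SAMPLE_APP_PERMISSIONS):
        print(f["sp_id"], f["key_types"], "|", "; ".join(f["reasons"]))
```

The dormancy check is what would have surfaced the unused email protection product: a principal that has not signed in for months but suddenly receives a new certificate is worth a ticket even before its permissions are examined. In a real tenant the inputs come from the audit log export, the service principal sign-in report and the app role assignments; the thresholds and permission set are tuning knobs, not fixed values.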

“Considering the supply chain nature of the SolarWinds attack, and in an abundance of caution, we immediately performed a thorough investigation of all Malwarebytes source code, build and delivery processes, including reverse engineering our own software. Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments. Our software remains safe to use,” Kleczynski added.

The threat actor behind the SolarWinds breach is tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), and Dark Halo (Volexity), and is believed to be a Russian-backed Advanced Persistent Threat (APT) group.

FireEye’s investigation into its own breach last month revealed that the hackers had infected SolarWinds’s Orion software used by government agencies and private companies with malicious code, which allowed the attackers to further compromise computer networks.

SolarWinds estimates that as many as 18,000 of its customers may have received infected updates, though it is believed that the number of directly affected companies is much smaller.
