Antivirus firm Malwarebytes has confirmed that it has been hacked by the group responsible for the SolarWinds breach. The admission means that Malwarebytes joins Microsoft, FireEye, and CrowdStrike in the list of security providers to be targeted by the attackers.
The hack was initially discovered during a Microsoft audit of Office 365 and Azure infrastructures, after it detected suspicious activity coming from a dormant Office 365 security app.
Malwarebytes was keen to point out that its breach was not directly related to the SolarWinds attack as the firm does not use any SolarWinds software as part of its internal IT infrastructure. There was also no evidence that any of its on-premise or production environments had been compromised, meaning its products remain safe to use.
“We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures of the same advanced threat actor involved in the SolarWinds attacks,” Marcin Kleczynski, founder and CEO of Malwarebytes, said.
“We immediately activated our incident response group and engaged Microsoft’s Detection and Response Team (DART). Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert.”
The SolarWinds hack was initially discovered in December last year, with more and more information slowly coming to light. It is now thought that as many as 250 networks around the world have been affected, from government bodies to private corporations.
Malwarebytes praised the work of its fellow security vendors in trying to limit the damage caused by the group behind the SolarWinds hack. In addition to the auditing carried out by Microsoft, FireEye has recently shared a tool that businesses can use to determine whether they have been targeted by the hackers.
Although the exact origin of the SolarWinds breach is unknown, most security researchers have concluded that a state-sponsored group is responsible, with the blame being laid at Russia’s feet.
Via ZDNet
