Malwarebytes said it was hacked by the same group that breached SolarWinds




US cybersecurity company Malwarebytes said today it was hacked by the same group that breached software company SolarWinds last year.

Malwarebytes said its intrusion is unrelated to the SolarWinds supply chain incident as the company does not use any SolarWinds software in its internal network.


Instead, the security company said the hackers breached its internal systems by exploiting a weakness in Azure Active Directory and abusing malicious Office 365 apps.

Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15.

At the time, Microsoft was checking its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, known in cybersecurity circles as UNC2452 or Dark Halo.

Malwarebytes said that once it became aware of the breach, it launched an internal investigation to determine what the hackers had accessed.

“After a thorough investigation, we determined that the attacker only had access to a limited subset of internal company emails,” said Marcin Kleczynski, co-founder of Malwarebytes and current CEO.

Malwarebytes products are not affected

Since the same threat actor breached SolarWinds and then poisoned the company’s software by inserting Sunburst malware into some updates to the SolarWinds Orion app, Kleczynski said the company also performed a very thorough audit of all of its products and their source code, looking for signs of a similar compromise or past supply chain attack.

“Our internal systems have shown no evidence of unauthorized access or compromise in the on-site and production environments.

“Our software remains safe to use,” added Kleczynski.

After today’s disclosure, Malwarebytes becomes the fourth major security provider targeted by the threat actor UNC2452 / Dark Halo, which U.S. officials have linked to a Russian government cyber espionage operation.

Previously targeted companies include FireEye, Microsoft, and CrowdStrike.
