Security News > 2021 > January > Malwarebytes says SolarWinds hackers accessed its internal emails

Malwarebytes says SolarWinds hackers accessed its internal emails
2021-01-19 15:03

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails.

"While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," Malwarebytes CEO and co-founder Marcin Kleczynski said.

Malwarebytes discovered that the threat actor that coordinated the SolarWinds hack used applications with privileged access infiltrate the company's Microsoft Office 365 and Azure environments.

Malwarebytes software is safe to use given that a thorough analysis of "All Malwarebytes source code, build and delivery processes," did not reveal any signs of unauthorized access or compromise.

The SolarWinds hackers also targeted Malwarebytes administrative and service credentials by adding a self-signed certificate with credentials to the Microsoft Graph service principal account.

Malwarebytes is the fourth cybersecurity firm targeted by the SolarWinds hackers, after Microsoft and FireEye confirmed that their systems were infiltrated and CrowdStrike disclosed a failed attack attempt.


News URL

https://www.bleepingcomputer.com/news/security/malwarebytes-says-solarwinds-hackers-accessed-its-internal-emails/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265
Malwarebytes 9 1 8 14 2 25