Security News > 2021 > January > Malwarebytes Hit by SolarWinds Attackers

Malwarebytes Hit by SolarWinds Attackers
2021-01-20 17:36

Malwarebytes is the latest discovered victim of the SolarWinds hackers, the security company said - except that it wasn't targeted through the SolarWinds platform.

"While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," it disclosed in a Tuesday web posting.

While the tactics, techniques and procedures turned out to be consistent with those used by the SolarWinds APT, in this case the espionage effort only affected a "Limited subset of internal company emails," the firm noted.

A Malwarebytes spokesperson noted only, "This was a nation-state attack against many vectors, including multiple security vendors." The company declined to provide additional information on the TTPs linking this attack to the SolarWinds attackers.

"Why are the SolarWinds hackers going after security companies? When you piece together the puzzle it becomes scary," Luttwak said.

The SolarWinds espionage attack, which has affected several U.S. government agencies, tech companies like Microsoft and FireEye, and many others, began with a poisoned software update that delivered the Sunburst backdoor to around 18,000 organizations last spring.


News URL

https://threatpost.com/malwarebytes-solarwinds-attackers/163190/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215
Malwarebytes 8 0 1 22 1 24