Malwarebytes was breached by the SolarWinds attackers
2021-01-20 11:34

A fourth malware strain wielded by the SolarWinds attackers has been detailed by Symantec researchers, followed by the disclosure of the attackers' ingenious lateral movement techniques and the release of an auditing script by FireEye researchers that organizations can use to check their Microsoft 365 tenants for signs of intrusion.

On Tuesday, Malwarebytes CEO Marcin Kleczynski disclosed that the same attackers targeted and breached the company, but not through the compromised SolarWinds Orion platform.

FireEye is the firm that first uncovered the activities of the SolarWinds hackers, and it has visibility into many of the intrusions they perpetrated. That visibility allowed its researchers to detail several methodologies the attackers used to move laterally from targets' on-premises networks to the Microsoft 365 cloud.

Malwarebytes CEO Marcin Kleczynski said that the company has been breached by the same nation-state attackers that hit and compromised SolarWinds, but that they didn't gain access through a compromised SolarWinds Orion installation.

"We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures of the same advanced threat actor involved in the SolarWinds attacks," Kleczynski shared.

"The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails. We do not use Azure cloud services in our production environments."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZgonXQwZLFM/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 45 1 84 103 43 231
Malwarebytes 8 0 1 22 1 24