Security News > 2021 > January > SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike.

The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "Abusing applications with privileged access to Microsoft Office 365 and Azure environments."

"While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," the company's CEO Marcin Kleczynski said in a post.

The US Cybersecurity and Infrastructure Security Agency said earlier this month it found evidence of initial infection vectors using flaws other than the SolarWinds Orion platform, including password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services.

"We believe our tenant was accessed using one of the TTPs that were published in the CISA alert," Kleczynski explained in a Reddit thread. Malwarebytes said the threat actor added a self-signed certificate with credentials to the principal service account, subsequently using it to make API calls to request emails via Microsoft Graph.

The Mandiant-owned firm has also released an auditing script, called Azure AD Investigator, that it said can help companies check their Microsoft 365 tenants for indicators of some of the techniques used by the SolarWinds hackers.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/7-FSAxpL2Vo/solarwinds-hackers-also-breached.html