According to Malwarebytes, SolarWinds hackers accessed its internal email communication.
The internet security software developer Malwarebytes announced on Tuesday that it suffered a security breach after SolarWinds hackers accessed the company’s internal email communication.
The announcement makes Malwarebytes the fourth major cybersecurity firm targeted by the SolarWinds hackers. FireEye, Crowdstrike, and Microsoft were three major firms who acknowledged being victims of a separate attack called “SolarWinds supply chain attack” carried by the same hackers in December 2020.
In FireEye’s case, the SolarWinds hackers stole certain “red team tools” which are used by the firm to test the security systems of its clients.
In Microsoft’s case, the company revealed that hackers viewed its source code “in a number of source code repositories.” However, the hacked account used to access the source code didn’t offer permission to modify the code or systems.
As for Malwarebytes, the breach was not part of the SolarWinds supply chain attack but a result of a different attack in which the same threat actors were “abusing applications with privileged access to Microsoft Office 365 and Azure environments.”
The breach was identified on December 15th, 2020 but the details of it have only been revealed to the public now. In a blog post, Malwarebytes’ CEO Marcin Kleczynski said that:
“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor.” […] “We found no evidence of unauthorized access or compromise in any of our internal on-premises and produc ..
Support the originator by clicking the read the rest link below.
