Cybersecurity firm Malwarebytes said that it was hacked by the same group that breached IT software company SolarWinds last year, adding to the rising list of key security companies targeted by the group.
A Malwarebytes spokeswoman said in an emailed statement that, based on the methods of the attack, the company believes it was “the same threat actor” that attacked SolarWinds.
Malwarebytes said the threat actors exploited a vulnerability in Azure Active Directory and used malicious Office 365 applications to infiltrate the company’s internal systems. The firm said the incident had nothing to do with the SolarWinds breach, as Malwarebytes doesn’t use any SolarWinds systems.
“While Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor,” Malwarebytes CEO and co-founder Marcin Kleczynski said.
“We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.”
“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails.”
Malwarebytes is the fourth cybersecurity company, after Microsoft, FireEye, and CrowdStrike, to confirm that the hacker that perpetrated the SolarWinds supply-chain attack targeted its systems.
“While we have learned a lot of information in a relatively short period of time, there is much more yet to be discovered about this long and active campaign that has impacted so many high-profile targets,” Kleczynski said.
“It is imperative that security companies continue to share information that can help the greater industry in times like these, particularly with such new and complex attacks often associated with nation state actors.”