American security company Malwarebytes has revealed that it was targeted by the same “nation state actor implicated in SolarWinds breach.” The firm says it doesn’t use SolarWinds’ IT software, which served as the hackers’ entryway into the systems of all the companies and federal agencies they breached, and that it was infiltrated using another intrusion vector. In particular, the bad actors got in through a dormant email protection product within its Office 365 tenant.
The company first found out about the intrusion after getting word from the Microsoft Security Response Center on December 15th regarding suspicious activity from a third-party app in its Office 365 environment. That activity was “consistent with the tactics, techniques and procedures” used by the actors behind the SolarWinds attacks.
Malwarebytes assures its anti-malware users, however, that it conducted an extensive investigation and determined that the attackers only gained access to a limited subset of internal company emails. Upon examining its source code and reverse engineering its software, it found no evidence of unauthorized access. Malwarebytes stresses that it doesn’t use Microsoft’s Azure cloud services and that its software remains safe to use.
The SolarWinds hack started sometime in March after attackers breached the company’s Orion network management tools. They used a vulnerability in that product to infiltrate the systems of SolarWinds’ customers, including Microsoft, the DOJ and the US Department of Energy and National Nuclear Security Administration. Representatives from the FBI, NSA and Cybersecurity and Infrastructure Security Agency recently published a joint statement naming Russia as the most likely entity behind the hacks.