Articles Malwarebytes get Hacked by hackers who hacked SolarWinds

Malwarebytes get Hacked by hackers who hacked SolarWinds


The list of companies affected by hackers who compromised SolarWinds continues to grow. Representatives of the information security company Malwarebytes said that although the company did not use SolarWinds products, the same attackers managed to gain access to its internal emails. Let me remind you that the attack on SolarWinds is attributed to an allegedly Russian-speaking hack group, which information security experts track under the names StellarParticle (CrowdStrike), UNC2452 (FireEye) and Dark Halo (Volexity).

In a statement, Malwarebytes emphasizes that the incident is not related to the recent supply chain attack and hack of SolarWinds . However, the same hackers hacked into Malwarebytes’ internal systems using a dormant security product in the Office 365 email client. Experts say that the hackers used an old vulnerability in Azure Active Directory to attack, and ended up being able to make API calls to retrieve emails. via MSGraph.

“While Malwarebytes does not use SolarWinds products, we, like many other companies, were recently attacked by the same attacker. We can confirm the existence of another attack vector that abuses applications with privileged access to Microsoft Office 365 and Azure environments, ”the company said.

The attack was discovered on December 15, 2020, and Malwarebytes learned about the incident from Microsoft experts, who noticed suspicious activity emanating from a dormant security application. The fact is that then it became known about the compromise of SolarWinds, and Microsoft checked its infrastructure (including Office 365 and Azure) in search of traces of malicious applications created by hackers who compromised SolarWinds.

After the hack was discovered, Malwarebytes conducted an internal review and now reports:

“After thorough investigation, we determined that the attacker only gained access to a limited number of internal company emails.”

Since in the case of SolarWinds, attackers injected malware into one of the affected company’s products (the Orion platform, designed for centralized monitoring and management, was provided with a malicious update), Malwarebytes representatives emphasize that a thorough audit of all products and their source code was carried out, but these checks were not have identified no evidence of unauthorized access or tampering. It is reported that the company’s software is safe and can be used further.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you