Yesterday, cybersecurity company Malwarebytes announced that it was hacked by the same threat actor responsible for the SolarWinds attack.
According to Malwarebytes, its breach is not linked to the SolarWinds incident, as the company does not use any SolarWinds software.
Malwarebytes reported that attackers hacked its internal systems by exploiting a dormant email protection product included in Office 365.
The cybersecurity firm was informed about the breach on December 15 by the Microsoft Security Response Center (MSRC), which had detected suspicious activity coming from the firm's Office 365 security app.
Malwarebytes said it began an internal investigation of the intrusion as soon as it learned about the incident.
The company’s co-founder and CEO Marcin Kleczynski stated that following the investigation, they found that "the attacker only gained access to a limited subset of internal company emails."
Kleczynski added that, similarly to SolarWinds, Malwarebytes also conducted a full audit of its products and their source code, looking for any signs of a similar compromise or past supply chain attack.
The audit showed "no evidence of unauthorized access or compromise in any on-premises and production environments," and according to Kleczynski, "Our software remains safe to use."
Malwarebytes is the fourth security vendor attacked by the UNC2452/Dark Halo threat actor, which was linked to a Russian government cyber-espionage operation. The other targeted companies are Microsoft, FireEye, and CrowdStrike.