US cyber-security firm Malwarebytes disclosed that it was hacked by the same group that breached IT software company SolarWinds last year.
Malwarebytes confirmed that the intrusion is not related to the SolarWinds supply chain incident, as it does not use any SolarWinds software in its internal network.
The hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.
The security firm learned of the intrusion on December 15 from the Microsoft Security Response Center (MSRC), which had detected suspicious activity coming from the dormant Office 365 security app.
At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, known in cyber-security circles as UNC2452 or Dark Halo.
On learning about the breach, Malwarebytes immediately began an internal investigation to determine what had been accessed by the attackers.
From the investigation, it was determined that the attacker managed to get access to a limited subset of internal company emails.
Malwarebytes co-founder and current CEO Marcin Kleczynski said that, because the same hacker breached SolarWinds and then moved to poison that company's software by inserting the Sunburst malware into some updates for the SolarWinds Orion app, Malwarebytes also performed a very thorough audit of all its products and their source code, searching for any signs of a similar compromise or past supply chain attack.
He said that the company's internal systems did not show any evidence of unauthorized access or compromise in any on-premises and production environments, and confirmed that its software is safe to use.
Malwarebytes is now the fourth major security vendor targeted by the UNC2452/Dark Halo threat actor, which has been linked to a Russian government cyber-espionage operation.
The companies targeted earlier include FireEye, Microsoft, and CrowdStrike.