Malwarebytes discloses that the same entity that breached SolarWinds hacked it.
After Microsoft, FireEye, and CrowdStrike, Malwarebytes became the fourth major security firm targeted by the attackers.
Today, the US cyber security firm Malwarebytes said it was hacked by the same party that last year breached SolarWinds, an IT software company.
As the organization does not use any of the SolarWinds applications in its internal network, Malwarebytes said its intrusion is not connected to the SolarWinds supply chain incident.
Instead, the security company said the hackers breached its internal networks by exploiting an Azure Active Directory vulnerability and abusing malicious Office 365 applications.
Malwarebytes said it learned of the intrusion on December 15 from the Microsoft Security Response Center (MSRC).
At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known as UNC2452 or Dark Halo in cyber security circles.
Malwarebytes said that after it learned of the breach, it launched an internal investigation to determine what the hackers had accessed.
“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails,” Marcin Kleczynski, co-founder and current CEO of Malwarebytes, said today.
MALWAREBYTES PRODUCTS AREN'T AFFECTED
Because the same threat actor breached SolarWinds and then poisoned that company's software by inserting the Sunburst malware into some SolarWinds Orion app updates, Kleczynski said Malwarebytes also conducted a very thorough audit of all its products and their source code, looking for any signs of a similar compromise or previous supply chain attack.
“In any on-site and production environments, our internal systems have provided no signs of unauthorized access or compromise. It remains secure to use our software.”
With today’s revelation, Malwarebytes is the fourth major security vendor targeted by the UNC2452/Dark Halo threat actor, which US officials have linked to a cyber-espionage campaign by the Russian government.
The companies previously targeted include FireEye, Microsoft, and CrowdStrike.