
Malwarebytes has internal emails compromised after attack on SolarWinds

 

Malwarebytes, a North American developer of information security solutions, is the newest confirmed victim of the massive attack on the SolarWinds supply chain. According to the company, Microsoft identified “suspicious activity” in Malwarebytes' Office 365 tenant, which includes access to internal emails.

According to Malwarebytes, Microsoft warned the company on December 15th of last year about suspicious activity from a third-party application in Malwarebytes' Microsoft Office 365 tenant.

After the notification, the company, in partnership with Microsoft, began investigating the case. “We conducted an extensive investigation of our cloud environments and locations for any activity related to the API calls that triggered the initial alert,” writes Marcin Kleczynski, the company’s CEO.

The Malwarebytes investigation found that its emails had been compromised by cybercriminals with a high degree of privileged access to Office 365 and Azure Active Directory infrastructures. “The investigation indicates that attackers took advantage of an inactive email protection product on our Office 365 tenant that allowed access to a limited subset of internal company e-mails,” he continues.

Disclosure Malwarebytes.

Attack branching

Malwarebytes argues that the intrusion is unrelated to the attack on SolarWinds’ supply chain, as the company does not use any SolarWinds product or solution. However, the attack is indirectly related, as Microsoft was one of the direct victims of the attack on SolarWinds.

“Although Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor […] We do not use Azure cloud services in our production environments,” the CEO explains.

That is, cybercriminals (possibly linked to the Russian government) attacked SolarWinds’ supply chain and thereby gained access to Microsoft Office 365 source code. With Office 365 in hand, they attacked customers of the tool, as is the case with Malwarebytes.

The attack is very similar to the compromise of thousands of internal emails at the United States Department of Justice (DoJ), which also had its emails compromised after cybercriminals gained access to Office 365 systems.

Malwarebytes assures that its products and services have not been affected. “Our internal systems showed no evidence of unauthorized access or compromise in any local and production environments. Our software remains safe to use,” explains Kleczynski.


Sources: Malwarebytes; The Hacker News.

See the original post at: https://thehack.com.br/malwarebytes-tem-e-mails-internos-comprometidos-apos-ataque-a-solarwinds/?rand=48873
