The Russian hackers behind the massive SolarWinds attack gained access to a limited subset of Malwarebytes’ internal company emails stored in Microsoft Office 365.
The Santa Clara, Calif.-based endpoint security vendor said it received information Dec. 15 from the Microsoft Security Response Center about suspicious activity from a third-party application in its Office 365 tenant, Malwarebytes CEO Marcin Kleczynski wrote in a blog post Tuesday. The suspicious activity was consistent with the tactics, techniques and procedures of the hackers behind the SolarWinds attack.
Malwarebytes’ incident response group and Microsoft’s Detection and Response Team joined forces to perform an extensive investigation of both Malwarebytes’ cloud and on-premises environments for any activity related to the API calls that triggered the initial alert, Kleczynski said. Malwarebytes does not itself use the SolarWinds Orion network monitoring tool into which the hackers injected malicious code over a period of months.
“The investigation indicates the attackers leveraged a dormant email production product within our Office 365 tenant that allowed access to a limited subset of internal company emails,” Kleczynski wrote in the blog post.
Kleczynski said Malwarebytes immediately performed a thorough investigation of all its source code, build and delivery processes, including reverse engineering the company’s own software. The company’s internal systems show no evidence of unauthorized access or compromise in any on-premises and production environments, and Malwarebytes’ software remains safe to use, according to Kleczynski.
The Malwarebytes compromise confirms the existence of another