Cyber security company Malwarebytes was breached by the same actors that breached US government and business in last year’s massive SolarWinds attack.
In a blog post about the incident, Malwarebytes founder Marcin Kleczynski said Microsoft first alerted the firm to “suspicious activity” coming from a third-party application in Office 365.
Partnering with Microsoft’s cyber sleuths, the Malwarebytes team found the attackers exploited a “dormant email protection product” in part of the company’s Office 365 rollout and gained access to “a limited subset of internal company emails”.
“Considering the supply chain nature of the SolarWinds attack, and in an abundance of caution, we immediately performed a thorough investigation of all Malwarebytes source code, build and delivery processes, including reverse engineering our own software,” Kleczynski said.
“Our internal systems showed no evidence of unauthorised access or compromise in any on-premises and production environments. Our software remains safe to use.”
After being breached last December, fellow cyber security company FireEye discovered malware that was being distributed in the supply chain of US network software firm SolarWinds.
Around 18,000 SolarWinds customers – which include US government and large enterprises – were directly impacted by the malware injection that was attributed to Russian intelligence.
Malwarebytes said it is not a SolarWinds client but believes it was targeted by the same bad actors using vectors that target Microsoft Office 365 and Azure.
The vulnerability lets attackers who already have some level of administrator privilege further escalate access within an organisation by assigning credentials to their own applications and remotely making API calls using Microsoft Graph.
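One defender-side check for the escalation path just described, as an added example that is not code from the article, Malwarebytes, Microsoft or the FireEye/CrowdStrike tools: list service principals whose certificates or secrets were added recently, using the Microsoft Graph servicePrincipals endpoint. The endpoint and $select fields are real; the sample response, app names and the fixed RUN_AT date are constructed.

```python
"""Audit check for the path described above: flag Azure AD (Entra) service principals
that received a new certificate or secret recently. Added example, not from the article."""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

GRAPH_URL = ("https://graph.microsoft.com/v1.0/servicePrincipals"
             "?$select=id,displayName,keyCredentials,passwordCredentials")

def _parse_graph_time(value):
    # Graph returns ISO 8601 timestamps ending in 'Z'; make them tz-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def fetch_service_principals(access_token):
    """Page through the Graph endpoint (the token needs Application.Read.All)."""
    url, items = GRAPH_URL, []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")  # absent on the last page
    return items

def find_recent_credentials(service_principals, now=None, max_age_days=30):
    """Return credentials whose startDateTime is within max_age_days of now."""
    now = datetime.now(timezone.utc) if now is None else now
    cutoff = now - timedelta(days=max_age_days)
    hits = []
    for sp in service_principals:
        for kind in ("keyCredentials", "passwordCredentials"):
            for cred in sp.get(kind) or []:  # key may be absent or null
                start = cred.get("startDateTime")
                if start and _parse_graph_time(start) >= cutoff:
                    hits.append({"app": sp.get("displayName"), "spId": sp.get("id"), "kind": kind,
                                 "keyId": cred.get("keyId"), "startDateTime": start})
    return hits

# Constructed sample standing in for a Graph response (not real tenant data).
SAMPLE = [
    {"id": "sp-1", "displayName": "Sample mail filter (constructed)",
     "keyCredentials": [{"keyId": "k-old", "startDateTime": "2020-03-01T00:00:00Z"}],
     "passwordCredentials": [{"keyId": "p-new", "startDateTime": "2021-01-10T08:15:00Z"}]},
    {"id": "sp-2", "displayName": "Sample dashboard app (constructed)", "passwordCredentials": []},
]
RUN_AT = datetime(2021, 1, 20, tzinfo=timezone.utc)  # fixed "now" for the sample

if __name__ == "__main__":
    for hit in find_recent_credentials(SAMPLE, now=RUN_AT):
        print(hit)
```

A secret appearing on a long-dormant app is the case to triage first; against a live tenant, pass the output of fetch_service_principals() instead of SAMPLE and diff the result against a known baseline.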
Kleczynski was confident the breach has been cleaned up and was thankful for the coordinated efforts between cyber security companies following the SolarWinds revelations late last year.
“In an already difficult year, security practitioners and incident responders responded to the call of duty and worked throughout the holiday season, including our own dedicated employees,” he said.
“The security industry is full of exceptional people who are tirelessly defending others, and today it is strikingly evident just how essential our work is moving forward.”
Amid the SolarWinds fallout, cyber firms FireEye and CrowdStrike have both released free PowerShell tools that look for related malicious activity in Azure.