Executives of the cybersecurity firm Malwarebytes have disclosed that the company's systems were breached by the same threat actor responsible for the recent SolarWinds incident. Malwarebytes does not use SolarWinds products, so the intrusion did not come through the compromised SolarWinds software; the link between the two incidents is the attacker, not the attack vector.
On the attack vector, the company says the intruders gained access by abusing applications with privileged access to its Microsoft Office 365 and Azure environments, not by exploiting a software vulnerability. Malwarebytes was alerted to the suspicious activity in its Office 365 tenant by the Microsoft Security Response Center (MSRC) late last year.
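The check a defender would want after reading that paragraph is a pass over the tenant's Azure AD audit log for the same pattern: an application that is granted mailbox permissions and then quietly receives a new credential (a certificate or secret) that lets whoever holds it authenticate as that application. The script below is an added example, not Malwarebytes' or Microsoft's code. The log records are constructed, with a flattened schema (the target application and its permissions pulled up to top-level keys rather than nested under targetResources as in a real export), and the operation names are taken from Azure AD audit log conventions as an assumption to be adjusted against your own tenant's export.

```python
import json
from collections import defaultdict

# Azure AD audit-log operation names that change how an application authenticates
# or what it is allowed to read. Assumption: these names match your tenant's export.
CREDENTIAL_OPS = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
}
CONSENT_OPS = {
    "Consent to application",
    "Add app role assignment to service principal",
}
# Application permissions that allow reading mailboxes tenant-wide.
MAIL_PERMISSIONS = {"Mail.Read", "Mail.ReadWrite", "full_access_as_app"}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample log (JSON lines). Schema is flattened for the example only.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(r) for r in [
    {"activityDateTime": "2020-12-01T09:12:44Z", "operationName": "Consent to application",
     "initiatedBy": "admin@example.test", "targetApp": "Mail Archiver",
     "permissions": ["Mail.Read", "User.Read"]},
    {"activityDateTime": "2020-12-10T03:55:02Z", "operationName": "Add service principal credentials",
     "initiatedBy": "admin@example.test", "targetApp": "Mail Archiver",
     "credentialType": "AsymmetricX509Cert"},
    {"activityDateTime": "2020-12-11T14:20:31Z", "operationName": "Add service principal credentials",
     "initiatedBy": "devops@example.test", "targetApp": "Build Bot",
     "credentialType": "Password"},
    {"activityDateTime": "2020-12-12T08:00:00Z", "operationName": "Update user",
     "initiatedBy": "hr@example.test", "targetApp": None},
])


def parse_audit_log(text):
    """Parse JSON-lines audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(records):
    """Group consent and credential events per application and rank them.

    high   = mailbox permissions AND a newly added credential (the pattern above)
    medium = a newly added credential with no mailbox permissions seen in the log
    low    = mailbox permissions granted, no credential change seen
    """
    apps = defaultdict(lambda: {"mail_permissions": set(), "credentials": []})
    for rec in records:
        app = rec.get("targetApp")
        if not app:
            continue  # user/group operations are out of scope for this check
        op = rec.get("operationName", "")
        if op in CONSENT_OPS:
            granted = set(rec.get("permissions", [])) & MAIL_PERMISSIONS
            apps[app]["mail_permissions"].update(granted)
        elif op in CREDENTIAL_OPS:
            apps[app]["credentials"].append(
                (rec.get("activityDateTime"), rec.get("credentialType", "unknown"),
                 rec.get("initiatedBy", "unknown")))

    findings = []
    for app, state in apps.items():
        reasons = [f"credential ({ctype}) added {when} by {who}"
                   for when, ctype, who in state["credentials"]]
        if state["mail_permissions"]:
            reasons.append("holds mailbox permissions: "
                           + ", ".join(sorted(state["mail_permissions"])))
        if state["credentials"] and state["mail_permissions"]:
            severity = "high"
        elif state["credentials"]:
            severity = "medium"
        elif state["mail_permissions"]:
            severity = "low"
        else:
            continue
        findings.append({"app": app, "severity": severity, "reasons": reasons})

    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["app"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(f"[{finding['severity'].upper()}] {finding['app']}")
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run it against a real export by replacing SAMPLE_AUDIT_LOG with the tenant's audit records (after flattening them to the same keys); the "high" findings are the applications to check first for unexpected credential additions and for Graph API calls against mailboxes.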
Additional reports indicate that, when that notification was sent, Microsoft was already auditing Office 365 and Azure for malicious activity tied to the SolarWinds attackers, tracked by Volexity as Dark Halo and by FireEye as UNC2452.
Malwarebytes’ security team began an investigation immediately after detecting the intrusion: “After extensive research, we determined that threat actors accessed only a limited subset of our employees’ email addresses,” said CEO Marcin Kleczynski.
The main concern for Malwarebytes was whether the attackers had managed to get the Sunburst backdoor onto its systems, which would have given them persistent access. The audit carried out by the company's researchers focused on finding any indicator of compromise matching the earlier supply chain attack: “Our internal systems showed no evidence of unauthorized access or compromise in any on-premises or production environment,” Kleczynski said.
Malwarebytes thus becomes the fourth security company known to have been targeted by Dark Halo, a group allegedly linked to the Russian government, although that attribution remains unconfirmed. Microsoft, CrowdStrike and FireEye have also been targets of this group.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and began working as a cyber security analyst in 2003. He is actively working as an anti-malware expert and has also worked for security companies such as Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents, and he has deep knowledge of mobile security and mobile vulnerabilities.