Malwarebytes Hacked by SolarWinds Attackers


  1. Posts : 1,026
    Win10 Version 21H2 19044.1645
       #1



    Excerpts:


    US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year.

    Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn't use any of SolarWinds software in its internal network.



    Instead, the security firm said the hackers breached its internal systems by exploiting an Azure Active Directory weakness and abusing malicious Office 365 applications.

    Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15.

    "After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails," said today Marcin Kleczynski, Malwarebytes co-founder and current CEO.

    "Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments.

    "Our software remains safe to use," Kleczynski added.


    Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet


  2. Posts : 4,187
    Windows 11 Pro, 22H2
       #2

    Gee, that's certainly not confidence inspiring.


  3. Posts : 68,917
    64-bit Windows 11 Pro for Workstations
       #3


  4. Posts : 2,667
    Windows 11 21H2 (22000.593)
       #4

    The scope and breadth of the attacks are still not fully known. Anyone who says otherwise is simply drinking the Kool-Aid being supplied by the various governments attacked in order to pacify the people into believing that it isn't that serious (or else, they are one of the agents of said governments).

    It's **VERY** serious. And much, much more widespread than we're being led to believe.


  5. Posts : 2,075
    Windows 10 Pro
       #5

    johngalt said:
    The scope and breadth of the attacks are still not fully known. Anyone who says otherwise is simply drinking the Kool-Aid being supplied by the various governments attacked in order to pacify the people into believing that it isn't that serious (or else, they are one of the agents of said governments).
    It's **VERY** serious. And much, much more widespread than we're being led to believe.
    Couldn't have said it any better!


  6. Posts : 2,075
    Windows 10 Pro
       #6

    I don't use any of the MS software listed and since my subscription to Malwarebytes has passed, I've not had it installed in months now. Crazy!


  7. Posts : 928
    Win 10
       #7

    The Malwarebytes products were not affected. It was some internal email.

    The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails. We do not use Azure cloud services in our production environments. Considering the supply chain nature of the SolarWinds attack, and in an abundance of caution, we immediately performed a thorough investigation of all Malwarebytes source code, build and delivery processes, including reverse engineering our own software. Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments. Our software remains safe to use.


  8. Posts : 2,667
    Windows 11 21H2 (22000.593)
       #8

    <deleted quote>

    While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.
    If you go back and look at the timeline of the attacks being made public, the initial report was by another security firm - who reported that it had been hacked.

    A good read on the whole timeline (as we know it now). The SolarWinds cyberattack: The hack, the victims, and what we know
    Last edited by johngalt; 20 Jan 2021 at 11:46.


  9. Posts : 2,550
    Windows 10 Pro 64bit
       #9

    johngalt said:
    It's also worrying that you're completely ignoring what the blog post says (and which Porthos quoted right above your own post):



    If you go back and look at the timeline of the attacks being made public, the initial report was by another security firm - who reported that it had been hacked.

    A good read on the whole timeline (as we know it now). The SolarWinds cyberattack: The hack, the victims, and what we know
    I’ve deleted the post.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
