In a blog post, the digital security firm Malwarebytes said that it had been targeted by the nation state actor implicated in the SolarWinds breach late last year that affected the U.S. government, Microsoft, Nvidia, VMware, and others.
According to the computer security firm, it does not use SolarWinds but was attacked via another intrusion vector that leveraged applications that had privileged access to Microsoft Office 365 and Azure. Malwarebytes said that the attacker managed to get access to "a limited subset of internal company emails" but didn't find any evidence that their production systems had been compromised.
Malwarebytes’ incident response group worked with Microsoft’s Detection and Response Team (DART) to find out how the attack happened. Explaining what the teams did, Malwarebytes CEO Marcin Kleczynski said:
"Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert. The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails."
To ensure that none of its products and systems were compromised, it carried out an analysis of the Malwarebytes source code, build and delivery processes and even reverse-engineered its software. This, coupled with the fact that none of its internal systems were compromised, led the company to declare that its software remains safe to use.
To combat these sophisticated attacks, Malwarebytes has called on other security companies to continue sharing information so that responses are effective. It also thanked the security community for working over the holiday period to respond to the hack.