The company says its breach is unrelated to the SolarWinds incident because it does not use any SolarWinds software on its internal network; that software served as the attackers’ gateway into the systems of the companies and federal agencies they compromised.
According to the cybersecurity company, the group exploited the passive email protection product within the Office 365 tenant to gain access to its internal systems.
The company first learned of the intrusion when it received a call from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party app in its Office 365 environment.
This activity was consistent with the tactics, techniques, and procedures used by the actors behind the SolarWinds attacks.
Malwarebytes assures anti-malware users that it has conducted an extensive investigation and determined that the attackers only had access to a limited subset of the company’s internal emails.
Upon examining its source code and re-engineering its software, it found no evidence of unauthorized access.
Malwarebytes maintains that it does not use Microsoft’s Azure cloud services and that its software remains safe to use.
The SolarWinds hack began sometime in March after attackers compromised the company’s Orion network management tools.
They used a vulnerability in this product to infiltrate the systems of SolarWinds customers, including Microsoft, the Department of Justice, the US Department of Energy and the National Nuclear Security Administration.
Representatives from the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency recently released a joint statement describing Russia as the most likely entity behind the breaches.
With the new revelations, Malwarebytes has become the fourth major cybersecurity company to be targeted by the UNC2452 or Dark Halo group; previously targeted companies include Microsoft, FireEye, and CrowdStrike.