Malwarebytes says it was hacked by group that breached SolarWinds, via Azure and Office 365 exploits, but attackers only accessed a subset of internal emails
ZDNet Catalin Cimpanu
Related Coverage
- Microsoft Renames 10 Azure Active Directory Roles Petri
- SVR Attacks on Microsoft 365 Schneier on Security
- Security firm Malwarebytes was infected by same hackers who hit SolarWinds Ars Technica
- Malwarebytes attacked by same threat actor as SolarWinds Windows Central
- Malwarebytes Latest Victim of SolarWinds Cyberattack MakeUseOf
- Microsoft details how SolarWinds hackers hid their espionage CyberScoop
- Malwarebytes Hit by SolarWinds Attackers Threatpost
- Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments Malwarebytes Labs
- SolarWinds Hackers Access Malwarebytes' Office 365 Emails CRN
- SolarWinds hackers hit Malwarebytes through Microsoft exploit cloudpro.co.uk
- Malwarebytes says it was also breached by SolarWinds hackers HackRead
- Malwarebytes Confirms SolarWinds-Related Attack Through Microsoft 365 and Azure WinBuzzer
- Malwarebytes Targeted by SolarWinds Hackers SecurityWeek
- Malwarebytes was breached by the SolarWinds attackers Help Net Security
- SolarWinds hackers also targeted security specialist Malwarebytes Engadget
- Malwarebytes says it was hit by SolarWinds hackers TechRadar
- Malwarebytes emails targeted by SolarWinds hackers Silicon Republic
- Malwarebytes also hit by SolarWinds attackers ComputerWeekly.com
- Malwarebytes hacked by state actors behind SolarWinds attack CyberNews
- SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm The Hacker News
- Malwarebytes says it was targeted by SolarWinds hackers too Neowin
- Malwarebytes hacked by SolarWinds attackers ARN
Discussion
- @threatintel (Threat Intelligence) on X: More information from our SolarWinds investigation. New tool - Raindrop - appears to have been used by attackers for spreading across victim networks. https://symantec-enterprise-blogs.security.com/... #SolarWinds #Raindrop #Sunburst https://twitter.com/...
- @campuscodi (Catalin Cimpanu) on X: Intrusion did not take place via a trojanized Orion app, since Malwarebytes doesn't use the software. - Point of entry was described as “exploited an Azure Active Directory weakness”. - Malwarebytes said it learned of the hack from Microsoft last month. https://www.zdnet.com/...
- @k8em0 (Katie Moussouris) on X: “While Teardrop was used on computers that had been infected by the original Sunburst Trojan, Raindrop appeared elsewhere on the network, being used by the attackers to move laterally & deploy payloads on other computers” 🎶Raindrops keep fallin on my head(of incident response)🎶 h…
- @ericgeller (Eric Geller) on X: Symantec has discovered another tool used by the suspected Russian hackers behind the SolarWinds campaign. The new tool, “Raindrop,” seems to have been used to spread across networks after initial access. https://symantec-enterprise-blogs.security.com/... https://twitter.com/...
- @selenalarson (Selena) on X: Moar SolarWinds related malware. Really interesting to see how this is all unfolding in the weeks since the attack was first revealed. https://twitter.com/...
- @arekfurt (Brian) on X: “The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails.” Okay, so tell us the “email protection product” that was compromised. https://blog.malwarebyte…
- @nickdothutton (Nick Hutton) on X: “threat actor added a self-signed certificate with credentials to the service principal account.” https://blog.malwarebytes.com/...
- @fabio_viggiani (Fabio Viggiani) on X: Ah! I had an early feeling of malicious O365 apps used by this threat actor, before we got to know about SolarWinds Orion. Turns out that O365 apps were also used, for targets without Orion: https://www.zdnet.com/... https://twitter.com/...
- @selenalarson (Selena) on X: The “SolarWinds actor” has been busy. And we've likely only seen a small fraction of its activities. Interesting similarities in using/exploiting MSFT cloud services for reconnaissance activities. Mimecast: https://www.reuters.com/... Malwarebytes: https://blog.malwarebytes.com/…
- @runasand (Runa Sandvik) on X: Remember the SolarWinds breach? Here's @mkleczynski confirming “the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.” https://blog.malwarebytes.com/...
- @campuscodi (Catalin Cimpanu) on X: Malwarebytes feared it could become the next SolarWinds and spent the last month auditing its software source code. - Said there's no sign UNC2452 poisoned any of its apps. - Appears intruders only managed to access a few emails. https://www.zdnet.com/...
- @kimzetter (Kim Zetter) on X: Symantec discovered another malicious component used by SolarWinds hackers. The tool, which they're calling Raindrop, is part of second-stage activity, used only on high-value targets to load CobaltStrike and spread across the victim's network. https://symantec-enterprise-blogs.…
- @ericgeller (Eric Geller) on X: If you use Microsoft cloud tools, FireEye has some advice for stopping hackers from compromising your org's authentication services, something that the SolarWinds hackers have been doing after they initially breach a network. https://www.fireeye.com/...