Malwarebytes says it was hacked by the group that breached SolarWinds, via abuse of privileged access to its Azure and Office 365 environments, but attackers only accessed a subset of internal emails
Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.
ZDNet · Catalin Cimpanu
Related Coverage
- Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments Malwarebytes Labs · Marcin Kleczynski
- Raindrop: New Malware Discovered in SolarWinds Investigation symantec-enterprise …
- Malwarebytes attacked by same threat actor as SolarWinds Windows Central · Sean Endicott
- SolarWinds hackers also targeted security specialist Malwarebytes Engadget · Mariella Moon
- Malwarebytes emails targeted by SolarWinds hackers Silicon Republic · Jonathan Keane
- Malwarebytes Targeted by SolarWinds Hackers SecurityWeek · Eduard Kovacs
- Malwarebytes hacked by state actors behind SolarWinds attack CyberNews · Bernard Meyer
- Malwarebytes says it was hit by SolarWinds hackers TechRadar · Barclay Ballard
- Cybersecurity firm Malwarebytes was hacked by ‘Dark Halo,’ the same group that breached SolarWinds last year Business Insider · Natasha Dailey
- Malwarebytes says it was targeted by SolarWinds hackers too Neowin · Paul Hill
- Malwarebytes hacked by SolarWinds attackers ARN · Eleanor Dickinson
- A New SolarWinds Malware Strain Is Discovered Gizmodo · Lucas Ropek
- SolarWinds Attack Underscores ‘New Dimension’ in Cyber-Espionage Tactics Dark Reading · Kelly Jackson Higgins
- Suspected Russian Hackers Targeted Cyber Firm Malwarebytes Bloomberg · Alyza Sebenius
- Malwarebytes Hit by SolarWinds Hackers, But Only Internal Emails Were Accessed PCMag · Michael Kan
- Security vendor Malwarebytes hacked through Office 365 and Azure iTnews · Juha Saarinen
- Malwarebytes says SolarWinds hackers accessed its internal emails BleepingComputer · Sergiu Gatlan
Discussion
- @campuscodi (Catalin Cimpanu) on X:
  Intrusion did not take place via a trojanized Orion app, since Malwarebytes doesn't use the software
  - Point of entry was described as “exploited an Azure Active Directory weakness”
  - Malwarebytes said it learned of the hack from Microsoft last month
  https://www.zdnet.com/...
- @threatintel (Threat Intelligence) on X:
  More information from our SolarWinds investigation. New tool - Raindrop - appears to have been used by attackers for spreading across victim networks. https://symantec-enterprise-blogs.security.com/... #SolarWinds #Raindrop #Sunburst https://twitter.com/...
- @arekfurt (Brian) on X:
  “The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails.” Okay, so tell us the “email protection product” that was compromised. https://blog.malwarebyte…
- @k8em0 (Katie Moussouris) on X:
  “While Teardrop was used on computers that had been infected by the original Sunburst Trojan, Raindrop appeared elsewhere on the network, being used by the attackers to move laterally & deploy payloads on other computers” 🎶Raindrops keep fallin on my head(of incident response)🎶 h…
- @fabio_viggiani (Fabio Viggiani) on X:
  Ah! I had an early feeling of malicious O365 apps used by this threat actor, before we got to know about Solarwinds Orion. Turns out that O365 apps were also used, for targets without Orion: https://www.zdnet.com/... https://twitter.com/...
- @ericgeller (Eric Geller) on X:
  Symantec has discovered another tool used by the suspected Russian hackers behind the SolarWinds campaign. The new tool, “Raindrop,” seems to have been used to spread across networks after initial access. https://symantec-enterprise-blogs.security.com/... https://twitter.com/...
- @nickdothutton (Nick Hutton) on X:
  “threat actor added a self-signed certificate with credentials to the service principal account.” https://blog.malwarebytes.com/ ...
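The two tweets above that quote the Malwarebytes post (the dormant email protection product in the Office 365 tenant, and the self-signed certificate added to a service principal) describe one action that leaves an audit trail: a credential being added to an application's service principal. The script below is an added example, not code from Malwarebytes, Microsoft or any of the linked articles. It walks an exported Azure AD directory audit log and flags credential additions where the new credential is an X.509 certificate, the actor is outside an allow-list, or the target service principal has not signed in for a long time. The audit records, actor names and sign-in dates are constructed for the example; the field and operation names (activityDisplayName, KeyDescription, KeyType) are assumed to match the Azure AD export format.

```python
"""Flag credentials added to Azure AD service principals in an exported audit log.

Added example for this page; not code from Malwarebytes, Microsoft or any linked
article. Field names and the KeyDescription value format are assumptions about
the Azure AD audit export; all records below are constructed sample data.
"""
import json
import re
from datetime import datetime, timezone

# Audit operations that add a credential to an app/service principal.
# Assumption: these strings match activityDisplayName in the export.
CREDENTIAL_OPS = {
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
}

# Credential entries in KeyDescription look like
# "[KeyIdentifier=<guid>,KeyType=<type>,KeyUsage=Verify,DisplayName=...]" (assumed format).
KEY_RE = re.compile(r"KeyIdentifier=([^,\]]+),KeyType=([^,\]]+)")

# Constructed sample export (not real log data).
SAMPLE_AUDIT_LOG = json.dumps([
    {   # suspicious: certificate added to a long-idle SP by an unexpected actor
        "activityDateTime": "2020-12-10T03:14:07Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"user": {"userPrincipalName": "svc-deploy@contoso.onmicrosoft.com"}},
        "targetResources": [{
            "displayName": "Legacy Mail Protection Connector", "type": "ServicePrincipal",
            "modifiedProperties": [{
                "displayName": "KeyDescription", "oldValue": "[]",
                "newValue": '["[KeyIdentifier=6d1f9c2a-0000-4000-8000-000000000001,'
                            'KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=CN=mailscan]"]',
            }],
        }],
    },
    {   # benign: a known admin rotates a client secret on an active SP
        "activityDateTime": "2021-01-12T09:00:00Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.onmicrosoft.com"}},
        "targetResources": [{
            "displayName": "Build Pipeline", "type": "ServicePrincipal",
            "modifiedProperties": [{
                "displayName": "KeyDescription",
                "oldValue": '["[KeyIdentifier=aaaa0000-0000-4000-8000-000000000002,'
                            'KeyType=Password,KeyUsage=Verify,DisplayName=ci-2020]"]',
                "newValue": '["[KeyIdentifier=aaaa0000-0000-4000-8000-000000000002,'
                            'KeyType=Password,KeyUsage=Verify,DisplayName=ci-2020]",'
                            '"[KeyIdentifier=bbbb0000-0000-4000-8000-000000000003,'
                            'KeyType=Password,KeyUsage=Verify,DisplayName=ci-2021]"]',
            }],
        }],
    },
    {   # unrelated operation, ignored by the detector
        "activityDateTime": "2021-01-13T10:00:00Z",
        "activityDisplayName": "Update user",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.onmicrosoft.com"}},
        "targetResources": [{"displayName": "Jane Doe", "type": "User", "modifiedProperties": []}],
    },
])

# Constructed context: who may legitimately add credentials, and the last sign-in
# per service principal (in practice taken from the sign-in log export).
ALLOWED_ACTORS = {"admin@contoso.onmicrosoft.com"}
LAST_SIGN_IN = {
    "Legacy Mail Protection Connector": datetime(2020, 3, 2, tzinfo=timezone.utc),
    "Build Pipeline": datetime(2021, 1, 18, tzinfo=timezone.utc),
}
NOW = datetime(2021, 1, 19, tzinfo=timezone.utc)


def actor_of(entry):
    """Return the user principal name or app name that initiated the operation."""
    who = entry.get("initiatedBy") or {}
    if who.get("user"):
        return who["user"].get("userPrincipalName", "unknown-user")
    if who.get("app"):
        return "app:" + who["app"].get("displayName", "unknown-app")
    return "unknown"


def added_key_types(entry):
    """KeyType of every credential present in newValue but absent from oldValue."""
    added = []
    for res in entry.get("targetResources") or []:
        for prop in res.get("modifiedProperties") or []:
            if prop.get("displayName") != "KeyDescription":
                continue
            old_ids = {kid for kid, _ in KEY_RE.findall(prop.get("oldValue") or "")}
            added += [ktype for kid, ktype in KEY_RE.findall(prop.get("newValue") or "")
                      if kid not in old_ids]
    return added


def find_suspicious_credential_adds(audit_json, allowed_actors, last_sign_in, now, dormant_days=90):
    """Return one finding per credential-add event that trips any of three checks."""
    findings = []
    for entry in json.loads(audit_json):
        if entry.get("activityDisplayName") not in CREDENTIAL_OPS:
            continue
        target = (entry.get("targetResources") or [{}])[0].get("displayName", "unknown")
        actor, key_types, reasons = actor_of(entry), added_key_types(entry), []
        if "AsymmetricX509Cert" in key_types:
            reasons.append("certificate credential added")
        if actor not in allowed_actors:
            reasons.append(f"actor {actor} not in allow-list")
        seen = last_sign_in.get(target)
        if seen is None:
            reasons.append("no recorded sign-in for this service principal")
        elif (now - seen).days >= dormant_days:
            reasons.append(f"service principal dormant {(now - seen).days} days")
        if reasons:
            findings.append({"time": entry["activityDateTime"], "target": target,
                             "actor": actor, "key_types": key_types, "reasons": reasons})
    return findings


def run_sample():
    return find_suspicious_credential_adds(SAMPLE_AUDIT_LOG, ALLOWED_ACTORS, LAST_SIGN_IN, NOW)


if __name__ == "__main__":
    for f in run_sample():
        print(f["time"], f["target"], "by", f["actor"], "->", "; ".join(f["reasons"]))
```

Against a real tenant the audit records would come from a Microsoft Graph `auditLogs/directoryAudits` export and the last-sign-in table from the sign-in logs; the three checks are deliberately independent, because a certificate added by an allowed admin to an active app is routine, while any one of the other two conditions on its own is still worth a look.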
- @selenalarson (Selena) on X:
  Moar SolarWinds related malware. Really interesting to see how this is all unfolding in the weeks since the attack was first revealed. https://twitter.com/...
- @campuscodi (Catalin Cimpanu) on X:
  Malwarebytes feared it could become the next SolarWinds and spent the last month auditing its software source code
  - Said there's no sign UNC2452 poisoned any of its apps
  - Appears intruders only managed to access a few emails
  https://www.zdnet.com/...
- @kimzetter (Kim Zetter) on X:
  Symantec discovered another malicious component used by SolarWinds hackers. The tool, which they're calling Raindrop, is part of second-stage activity, used only on high-value targets to load CobaltStrike and spread across the victim's network. https://symantec-enterprise-blogs.…