News
Malwarebytes hacked by SolarWinds hackers
BlogBreachesResourcesNews
Malwarebytes hacked by SolarWinds hackers

Malwarebytes hacked by SolarWinds hackers

Edward Kost
Edward Kost
January 20, 2021


Malwarebytes, a U.S. cyber-security firm, has announced that it was hacked by the same threat actors responsible for the SolarWinds breach.

Malwarebytes is not a SolarWinds customer, so this breach is not related to the SolarWinds supply chain attack.

In its official statement of the incident, Malwarebytes confirmed that the hackers abused applications with privileged access to Microsoft Office 365 and Azure environments. The result was a breach involving a limited subset of Malwerbyte’s internal company emails.

“The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails. We do not use Azure cloud services in our production environments.” Malwarebytes said in their statement.

This breach was achieved through an Azure Active Directory vulnerability allowing users to escalate privileges by assigning credentials to applications.

Malwarebytes discovered that the threat actors added a self-signed certificate to ultimately request access to internal emails through MSGraph.

“In our particular instance, the threat actor added a self-signed certificate with credentials to the service principal account. From there, they can authenticate using the key and make API calls to request emails via MSGraph.”

Securing Azure tenants is challenging, especially through vendors that could be specifically targeted in a third-party breach campaign.

The Cybersecurity and Infrastructure Security Agency (CISA) released an alert outlining the tactics used by the SolarWinds threat actors. Initial attack vectors often involve Password Guessing, Password Spraying and/or exploiting inappropriately secured administrative for service credentials.

CISA identified a transition from user context to administrator rights for privilege escalation. This means privilege escalation prevention tactics could potentially fend off such attacks.

Internal communications seems to be the new coveted commodity amongst cybercriminals. This could be a purely coincidental development, or evidence of a broad reconnaissance campaign by the same threat actor.

How secure is Malwarebytes?

Malwarebytes is an anti-malware software for Microsoft Windows, macOS, Android, and iOS that finds and removes malware
  • Check icon
    View our free preliminary report on Malwarebytes’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Malwarebytes's score
View score
https://www.malwarebytes.com/
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

One of the world's largest manufacturers of semiconductors has attributed a $250 million loss in its second-quarter sales report to a supply chain attack.
Edward Kost
Edward Kost
February 27, 2023
Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Cybercriminals believed to be working for a criminal or state-sponsored operation breached Optus' internal network, compromising personal information impacting up to 9.8 million customers.
Edward Kost
Edward Kost
September 26, 2022
Medibank Data Breach Impacts 9.7 Million Customers

Medibank Data Breach Impacts 9.7 Million Customers

Medibank suffered a data breach that compromised 9.7 million current and former customers.
Edward Kost
Edward Kost
November 11, 2022
OpenWRT breached through admin account

OpenWRT breached through admin account

OpenWRT, an open source firmware solution for home routers, was breached exposing the email addresses of many of its forum users.
Edward Kost
Edward Kost
January 16, 2021
Australian Real Estate Website Hacked 

Australian Real Estate Website Hacked 

Domain, one of Australia’s leading property market platforms, has fallen victim to a cyber attack
Edward Kost
Edward Kost
May 24, 2021
NT Government forced offline by compromised third-party vendor

NT Government forced offline by compromised third-party vendor

The Northern Territory Government's third-party IT system supply has fallen victim to a ransomware attack.
Edward Kost
Edward Kost
January 11, 2021
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating
UpGuard logo
UpGuard is a complete third-party risk and attack surface management platform.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Contact sales
Free trial
Products
Tools
Company
Insights
Products
Compare
Solutions
Company
Insights
© UpGuard, Inc.
Research GuidelinesPlatform Terms & ConditionsWebsite Terms & ConditionsPrivacyCookies