Malwarebytes Hacked by Group Behind SolarWinds Breach, Company Says

Malwarebytes Hacked by Group Behind SolarWinds Breach, Company Says
A member of a hacking group uses his computer at their office in Dongguan, Guangdong province, China, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)
Isabel van Brugen

Cybersecurity firm Malwarebytes said Tuesday it believes that some of its emails were compromised by the same threat actors behind the hack of SolarWinds technology, which caused a breach of U.S. government systems late last year.

In a statement, Malwarebytes said that based on the tactics and techniques of the attack, the Santa Clara, California-based company believes it was “the same threat actor” that attacked SolarWinds, which is used by all five branches of the U.S. military and numerous government agencies.

The company said that while it didn’t use SolarWinds technology, it had been successfully targeted by the same hackers who were able to breach its Microsoft Office 365 and Microsoft Azure environments.

The attack, Malwarebytes said, gave the hackers access to “a limited subset of internal company emails.”

The company added that its internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments

“Our software remains safe to use,” the statement said.

The company’s Chief Executive, Marcin Kleczynski, said in a Twitter statement that the hacking campaign “is much broader than SolarWinds and I expect more companies will come forward soon.”

The company’s announcement comes shortly after federal security agencies in a rare joint statement said they believe, based on evidence so far, that Russia was likely behind the hack of SolarWinds technology late last year.

The breach was achieved by inserting malware, or malicious code, into software updates for the SolarWinds Orion platform, a widely used network management tool.

The Cyber Unified Coordination Group (UCG), which is composed of the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence, with support from the NSA said earlier this month that the hacking effort was intended for “intelligence gathering,” as opposed to an attempt to damage or disrupt government operations in the United States.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” said the UCG, which was formed to respond to the hack.

Former senior cybersecurity official Christopher Krebs, who prior to his recent dismissal by former President Donald Trump served as CISA director, told CNN’s Jake Tapper last year that he believed the widescale cyberattack was conducted by Russia and was possible because of a “seam” in defenses.

“This was a never-before-seen capability that computer systems weren’t designed to detect,” said Krebs, adding that Russia is “exceptionally good at this sort of work.”

Krebs admitted his “failure” to stop the cyberattack, saying, “It happened on my watch … but there is work to do now going forward to make sure, A: we get past this, that we get the Russians out of the networks, but B: that it never happens again.”

The Kremlin has denied any involvement.