Cybersecurity firm Malwarebytes said Tuesday it believes that some of its emails were compromised by the same threat actors behind the hack of SolarWinds technology, which caused a breach of U.S. government systems late last year.
The company said that while it didn’t use SolarWinds technology, it had been successfully targeted by the same hackers who were able to breach its Microsoft Office 365 and Microsoft Azure environments.
The attack, Malwarebytes said, gave the hackers access to “a limited subset of internal company emails.”
The company added that its internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments
“Our software remains safe to use,” the statement said.
The company's Chief Executive, Marcin Kleczynski, said in a Twitter statement that the hacking campaign “is much broader than SolarWinds and I expect more companies will come forward soon.”
The breach was achieved by inserting malware, or malicious code, into software updates for the SolarWinds Orion platform, a widely used network management tool.
The Cyber Unified Coordination Group (UCG), which is composed of the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence, with support from the NSA said earlier this month that the hacking effort was intended for “intelligence gathering,” as opposed to an attempt to damage or disrupt government operations in the United States.
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” said the UCG, which was formed to respond to the hack.
“This was a never-before-seen capability that computer systems weren’t designed to detect,” said Krebs, adding that Russia is “exceptionally good at this sort of work.”
Krebs admitted his “failure” to stop the cyberattack, saying, “It happened on my watch … but there is work to do now going forward to make sure, A: we get past this, that we get the Russians out of the networks, but B: that it never happens again.”
The Kremlin has denied any involvement.