Malwarebytes said it was hacked by the same group who breached SolarWinds

Posted January 19, 2021

  • Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn’t use any SolarWinds software in its internal network.
  • Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15, which detected suspicious activity coming from a dormant Office 365 security app.
  • At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo.
  • Malwarebytes becomes the fourth major security vendor targeted by the UNC2452/Dark Halo threat actor, which US officials have linked to a Russian government cyber-espionage operation.
  • Previously targeted companies include FireEye, Microsoft, and CrowdStrike.

– Catalin Cimpanu | January 19, 2021