- Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn’t use any SolarWinds software in its internal network.
- Malwarebytes said it learned of the intrusion on December 15 from the Microsoft Security Response Center (MSRC), which detected suspicious activity coming from the dormant Office 365 security app.
- At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo.
- Malwarebytes becomes the fourth major security vendor targeted by the UNC2452/Dark Halo threat actor, which US officials have linked to a Russian government cyber-espionage operation.
- Previously targeted companies include FireEye, Microsoft, and CrowdStrike.
– Catalin Cimpanu | January 19, 2021