Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike.
The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by “abusing applications with privileged access to Microsoft Office 365 and Azure environments.”
The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its Office 365 tenant on December 15, following which it performed a detailed investigation into the incident.
“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” the company’s CEO Marcin Kleczynski said in a post. “We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
The fact that initial vectors beyond SolarWinds software were used adds another missing piece to the wide-ranging espionage campaign, now believed to be carried out by a threat actor…