The list of companies affected by hackers who compromised SolarWinds continues to grow. Representatives of the information security company Malwarebytes said that although the company did not use SolarWinds products, the same attackers managed to gain access to its internal emails. Let me remind you that the attack on SolarWinds is attributed to an allegedly Russian-speaking hack group, which information security experts track under the names StellarParticle (CrowdStrike), UNC2452 (FireEye) and Dark Halo (Volexity).
In a statement, Malwarebytes emphasizes that the incident is not related to the recent supply chain attack and hack of SolarWinds . However, the same hackers hacked into Malwarebytes’ internal systems using a dormant security product in the Office 365 email client. Experts say that the hackers used an old vulnerability in Azure Active Directory to attack, and ended up being able to make API calls to retrieve emails. via MSGraph.
“While Malwarebytes does not use SolarWinds products, we, like many other companies, were recently attacked by the same attacker. We can confirm the existence of another attack vector that abuses applications with privileged access to Microsoft Office 365 and Azure environments, ”the company said.
The attack was discovered on December 15, 2020, and Malwarebytes learned about the incident from Microsoft experts, who noticed suspicious activity emanating from a dormant security application. The fact is that then it became known about the compromise of SolarWinds, and Microsoft checked its infrastructure (including Office 365 and Azure) in search of traces of malicious applications created by hackers who compromised SolarWinds.
After the hack was discovered, Malwarebytes conducted an internal review and now reports:
“After thorough investigation, we determined that the attacker only gained access to a limited number of internal company emails.”
Since in the case of SolarWinds, attackers injected malware into one of the affected company’s products (the Orion platform, designed for centralized monitoring and management, was provided with a malicious update), Malwarebytes representatives emphasize that a thorough audit of all products and their source code was carried out, but these checks were not have identified no evidence of unauthorized access or tampering. It is reported that the company’s software is safe and can be used further.