SpearTip | January 20th, 2021

Malwarebytes, a team of over 600 malware hunters, software engineers, and security industry veterans, confirmed on Tuesday, Jan. 19, that it had been attacked.

Malwarebytes claims, “You and everyone have a right to a malware-free existence.”

The cybersecurity firm says the threat actors behind the biggest cyberattack in history, the SolarWinds breach, were able to obtain access to company emails. Exactly how many emails were accessed has not yet been determined.

To be clear, Malwarebytes does NOT use SolarWinds. According to Marcin Kleczynski, CEO, Malwarebytes was attacked by the same threat actors being tracked as StellarParticle by CrowdStrike, UNC2452 by FireEye, and Dark Halo by Volexity.

On Dec. 15, Malwarebytes was informed about suspicious activity in their environment that resembled the tactics and techniques of the SolarWinds threat actors.

The intrusion took advantage of applications with privileged access to Microsoft Office 365 and Azure environments. Kleczynski says there is no evidence of a compromise or unauthorized access to internal production or on-premise environments.

The threat actors targeted an inactive email protection product within the Office 365 tenant used by Malwarebytes. They also abused administrative and service credentials by adding a self-signed certificate with valid credentials to the Microsoft Graph service principal account. With that key in place, the threat actors could authenticate to the tenant and make API calls to request emails via MS Graph.
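As an added illustration that is not part of the SpearTip post, the following Python flags Azure AD audit-log events that add a key or certificate to a service principal, the step described above; the activity names, field layout, approved-actor allowlist, and sample events are assumptions constructed for this example.

```python
# Flag Azure AD audit-log events that add a key or secret to a service principal.
# Field names follow the Microsoft Graph directoryAudits shape (assumption).
import json
# Activity names that record a credential addition (assumed display names).
CREDENTIAL_ADD_ACTIVITIES = {"Add service principal credentials",
                             "Update application - Certificates and secrets management"}

# Constructed sample log: a benign key rotation by a known automation identity,
# an unexpected certificate on a dormant mail app, and one unrelated event.
SAMPLE_AUDIT_LOG = """[
 {"activityDateTime": "2020-12-10T02:14:00Z", "activityDisplayName": "Add service principal credentials",
  "initiatedBy": {"user": {"userPrincipalName": "svc-rotation@example.test"}},
  "targetResources": [{"displayName": "backup-automation", "type": "ServicePrincipal"}]},
 {"activityDateTime": "2020-12-12T23:41:00Z", "activityDisplayName": "Add service principal credentials",
  "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.test"}},
  "targetResources": [{"displayName": "legacy-mail-protection", "type": "ServicePrincipal"}]},
 {"activityDateTime": "2020-12-13T09:00:00Z", "activityDisplayName": "Update user",
  "initiatedBy": {"user": {"userPrincipalName": "jdoe@example.test"}},
  "targetResources": [{"displayName": "jdoe", "type": "User"}]}
]"""

def load_events(text):
    """Parse an exported audit log (JSON array) into a list of event dicts."""
    return json.loads(text)

def actor_of(event):
    """Return the user UPN or application name that initiated the event."""
    who = event.get("initiatedBy") or {}
    if who.get("user"):
        return who["user"].get("userPrincipalName", "unknown")
    if who.get("app"):
        return who["app"].get("displayName", "unknown")
    return "unknown"

def find_credential_additions(events, approved_actors=frozenset()):
    """Return (time, actor, service principal) for every credential addition
    not performed by an approved key-rotation identity."""
    hits = []
    for ev in events:
        if ev.get("activityDisplayName") not in CREDENTIAL_ADD_ACTIVITIES:
            continue
        actor = actor_of(ev)
        if actor in approved_actors:
            continue
        for target in ev.get("targetResources", []):
            if target.get("type") == "ServicePrincipal":
                hits.append((ev["activityDateTime"], actor, target["displayName"]))
    return hits

if __name__ == "__main__":
    for hit in find_credential_additions(load_events(SAMPLE_AUDIT_LOG), {"svc-rotation@example.test"}):
        print("REVIEW: credential added to service principal", hit)
```

Every hit deserves a human check against change records, since a new key on a service principal that holds mail permissions is exactly the foothold the post describes.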

Although Malwarebytes is the fourth cybersecurity firm to be affected by the SolarWinds threat actors, Malwarebytes software remains safe to use as of right now.

SpearTip experts have had their eyes on the SolarWinds breach since the beginning. In fact, our developers created a free tool, Sunscreen SPF 10, to check if the Sunburst Malware has been in your network by monitoring malicious activity and rooting out compromised versions of SolarWinds. We’ve also developed an EDR tool, ShadowSpear®, to monitor your environment and allow full transparency on your risk profile.

The cybersecurity professionals in our Security Operations Center (SOC) are on call 24/7 and will assist with any issues or concerns regarding the SolarWinds breach. If you have questions, call the SOC at 833.997.7327.