Anti-malware software vendor Malwarebytes has become the latest technology company swept up in last year's attack on SolarWinds.

You don't have to work in cybersecurity to be aware of the recent discovery that a sophisticated state actor had potentially compromised tens of thousands of private companies and government institutions in the Americas, Europe, and the Middle East. News of the hacking campaign perpetrated through SolarWinds' Orion network monitoring software emerged last month; the hacking group gained access to computer systems belonging to multiple US government departments in a long campaign whose trojanised Orion updates are believed to have started in March 2020. Known as APT29 or Cozy Bear, the Russian group's supply chain attack has also had implications for security vendors including Mimecast and FireEye.

The means was a software supply chain: attackers breached the software distribution infrastructure of tech vendor SolarWinds, embedding malware in its popular Orion network management tool. When customers downloaded the latest Orion product update, the malware surreptitiously spread throughout their organisations, in many cases finding and forwarding sensitive data to external servers controlled by the attackers. The attack used many ingenious techniques to evade detection by its victims' IT operations monitoring tools and cybersecurity countermeasures, masquerading its malicious tools, utilities, and network usage as legitimate processes and traffic. The sophistication, long arc of the attack (believed to have begun as early as October 2019 and only discovered, with a bit of luck, in December 2020), and the requisite skills, commitment to success, and funding necessary to carry it out classify it as an Advanced Persistent Threat (APT), the kind of attack that is generally only carried out by hostile national intelligence agencies (in this case, allegedly Russia's Foreign Intelligence Service).

Now comes news that SolarWinds was not the only victim of this APT. Malwarebytes disclosed earlier this week that it had also been victimised by the same threat actor, though via a different vector: the abuse of applications with privileged access to Microsoft 365 and Azure environments.

The US-based vendor said it received notices of suspicious third-party activity from the Microsoft Security Response Centre on December 15. According to Malwarebytes, the activity reflected the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks, reportedly a hacking group linked to the Russian government.

In a blog post, Malwarebytes said that while it does not use SolarWinds, the actor has another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. The vendor does not use Azure cloud services in its production environments.

Once the breach was discovered, Malwarebytes worked with Microsoft's Detection and Response Team (DART) to investigate the vendor's cloud and on-premises environments for any activity related to the API calls that triggered the initial alert. The two found that the attackers had leveraged a dormant email protection product within Malwarebytes' Office 365 tenant, which allowed access to a limited subset of internal company emails.

"After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails," the blog post said. "Our internal systems showed no evidence of unauthorised access or compromise in any on-premises and production environments."

Malwarebytes stressed that its software remains safe to use. "Considering the supply chain nature of the SolarWinds attack, and in an abundance of caution, we immediately performed a thorough investigation of all Malwarebytes source code, build and delivery processes, including reverse engineering our own software," the post said. "We found no evidence of unauthorised access or compromise in any of our internal on-premises and production environments."

In short, Malwarebytes asserts that only a limited number of its internal company emails were stolen and that its own software repository had not been corrupted.
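The intrusion vector described above, abuse of a dormant but still privileged application inside a Microsoft 365 tenant, is something defenders can hunt for in their own application inventory. The Python script below is an added example, not code from Malwarebytes, Microsoft or the article. It audits a constructed list of service-principal records (field names are loosely modelled on Microsoft Graph output but are assumed here for illustration, not the real schema) and flags applications that hold tenant-wide mailbox permissions, have not signed in for 90 days, or had a credential added while dormant. The permission names, the 90-day threshold, the reference date and every sample record are assumptions.

```python
"""Audit Microsoft 365 / Azure AD application registrations for the
over-privileged, dormant OAuth apps the article describes.

Added example, not Malwarebytes' or Microsoft's code. The records below
are constructed for illustration; their field names only resemble the
shape of Microsoft Graph servicePrincipal output and are assumptions.
"""
from datetime import datetime, timedelta, timezone

# Application (not delegated) permissions that grant tenant-wide mailbox or
# directory access with no user present. Assumed list; extend it to match
# the permission catalogue of your own tenant.
HIGH_RISK_APP_ROLES = {
    "Mail.Read",
    "Mail.ReadWrite",
    "Mail.Send",
    "full_access_as_app",   # Exchange Web Services application permission
    "Directory.ReadWrite.All",
}

NOW = datetime(2020, 12, 15, tzinfo=timezone.utc)  # assumed reference date
DORMANT_AFTER = timedelta(days=90)                  # assumption: 90 days idle == dormant

# Constructed sample inventory (not real tenant data). lastSignIn is None
# when the app has never been seen authenticating; dates are ISO 8601.
SERVICE_PRINCIPALS = [
    {"displayName": "Legacy Mail Protection Connector",
     "appId": "00000000-0000-0000-0000-000000000001",
     "appRoles": ["full_access_as_app", "Mail.Read"],
     "lastSignIn": "2020-03-02T08:14:00+00:00",
     "credentials": [{"type": "password", "added": "2020-12-11T03:22:00+00:00"}]},
    {"displayName": "Helpdesk Ticketing",
     "appId": "00000000-0000-0000-0000-000000000002",
     "appRoles": ["User.Read.All"],
     "lastSignIn": "2020-12-14T17:05:00+00:00",
     "credentials": [{"type": "certificate", "added": "2019-06-01T00:00:00+00:00"}]},
    {"displayName": "Backup Export",
     "appId": "00000000-0000-0000-0000-000000000003",
     "appRoles": ["Mail.ReadWrite"],
     "lastSignIn": None,
     "credentials": []},
]


def _parse(ts):
    """Parse an ISO 8601 timestamp, returning None for a missing value."""
    return datetime.fromisoformat(ts) if ts else None


def classify(sp, now=NOW, dormant_after=DORMANT_AFTER):
    """Return the list of finding tags for one service principal."""
    findings = []
    if HIGH_RISK_APP_ROLES.intersection(sp["appRoles"]):
        findings.append("high-privilege-app-permission")
    last = _parse(sp["lastSignIn"])
    if last is None or now - last > dormant_after:
        findings.append("dormant")
    # A fresh secret or certificate on an app nobody has used for months is
    # the trace an attacker leaves when adding their own credential to it.
    if "dormant" in findings:
        for cred in sp["credentials"]:
            if now - _parse(cred["added"]) <= dormant_after:
                findings.append("recent-credential-on-dormant-app")
                break
    return findings


def audit(service_principals, now=NOW):
    """Map appId -> findings for principals that are both privileged and
    dormant; apps that are merely privileged but actively used are skipped."""
    report = {}
    for sp in service_principals:
        tags = classify(sp, now)
        if "high-privilege-app-permission" in tags and "dormant" in tags:
            report[sp["appId"]] = tags
    return report


if __name__ == "__main__":
    for app_id, tags in audit(SERVICE_PRINCIPALS).items():
        print(app_id, ", ".join(tags))
```

Against the constructed inventory the audit flags the unused mail-protection connector (privileged, idle since March, and given a new password days before the reference date) and the never-used backup app, while the actively used helpdesk integration is left alone. In a real tenant the records would come from an export of service principals, their granted application permissions, sign-in logs and credential metadata; the logic stays the same.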