

In the Malwarebytes situation, Kleczynski said the threat actor added a self-signed certificate with credentials to the service principal account. Malwarebytes doesn’t use Azure cloud services in its production environments, he said. The Malwarebytes compromise confirms the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments, according to Kleczynski.
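A defender can look for the change described above, a new certificate credential attached to an application or service principal, in the tenant's directory audit log. The following is an added example, not code from Malwarebytes or Microsoft; it assumes records shaped like Microsoft Graph `directoryAudit` entries, and the activity names, the `KeyDescription` value layout and the sample records are assumptions or constructed data.

```python
import re

# Audit activity names as they appear in Microsoft Entra ID (Azure AD) logs;
# treat the exact strings as an assumption and confirm them in your tenant.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application – Certificates and secrets management",
}
# One entry of the "KeyDescription" modified property (assumed layout).
KEY_ENTRY = re.compile(r"KeyIdentifier=([^,\]]+),KeyType=([^,\]]+),KeyUsage=([^,\]]+)")

def parse_keys(raw):
    """Return {key_id: key_type} for a KeyDescription old/new value."""
    return {m[0]: m[1] for m in KEY_ENTRY.findall(raw or "")}

def find_added_credentials(events):
    """List credentials newly attached to an app or service principal."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        if ev.get("result") != "success":  # ignore failed attempts here
            continue
        actor = ev.get("initiatedBy") or {}
        who = ((actor.get("user") or {}).get("userPrincipalName")
               or (actor.get("app") or {}).get("displayName") or "unknown")
        for target in ev.get("targetResources", []):
            for prop in target.get("modifiedProperties", []):
                if prop.get("displayName") != "KeyDescription":
                    continue
                old = parse_keys(prop.get("oldValue"))
                new = parse_keys(prop.get("newValue"))
                # Keys present after the change but not before are additions.
                for key_id in sorted(new.keys() - old.keys()):
                    findings.append({"time": ev.get("activityDateTime"),
                                     "target": target.get("displayName"),
                                     "actor": who, "key_id": key_id,
                                     "key_type": new[key_id]})
    return findings

# Constructed sample records (not real tenant data).
OLD = '["[KeyIdentifier=aaaa-1111,KeyType=Password,KeyUsage=Verify,DisplayName=ci]"]'
NEW = OLD[:-1] + ',"[KeyIdentifier=bbbb-2222,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=CN=example]"]'
def _event(activity, result):
    return {"activityDateTime": "2021-01-01T00:00:00Z", "activityDisplayName": activity,
            "result": result, "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}},
            "targetResources": [{"displayName": "Legacy Mail Connector", "modifiedProperties": [
                {"displayName": "KeyDescription", "oldValue": OLD, "newValue": NEW}]}]}
SAMPLE_EVENTS = [_event("Add service principal credentials", "success"),
                 _event("Add service principal credentials", "failure"),
                 _event("Update user", "success")]
```

Each finding is a starting point for review: check whether the acting identity and the target application were expected to gain a new credential at that time.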
The company’s internal systems show no evidence of unauthorized access or compromise in any on-premises and production environments, and Malwarebytes’ software remains safe to use, according to Kleczynski. Kleczynski said Malwarebytes immediately performed a thorough investigation of all its source code, build and delivery processes, including reverse engineering the company’s own software. “The investigation indicates the attackers leveraged a dormant email production product within our Office 365 tenant that allowed access to a limited subset of internal company emails,” Kleczynski wrote in the blog post.
The Russian hackers behind the massive SolarWinds attack gained access to a limited subset of Malwarebytes’ internal company emails stored in Microsoft Office 365. The Santa Clara, Calif.-based endpoint security vendor said it received information Dec. 15 from the Microsoft Security Response Center about suspicious activity from a third-party application in its Office 365 tenant, Malwarebytes CEO Marcin Kleczynski wrote in a blog post Tuesday. The suspicious activity was consistent with the tactics, techniques and procedures of the hacker behind the SolarWinds attack. Malwarebytes’ incident response group and Microsoft’s Detection and Response Team joined forces to perform an extensive investigation of both Malwarebytes’ cloud and on-premises environments for any activity related to the API calls that triggered the initial alert, Kleczynski said. Malwarebytes doesn’t itself use the SolarWinds Orion network monitoring tool, into which hackers injected malicious code for months.
