

Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies.

The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system and using it to infect the networks of customers who used SolarWinds’ network management software. In an online notice, however, Malwarebytes said the attackers used a different vector. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” the notice stated. “We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.”

Investigators have determined that the attacker gained access to a limited subset of internal company emails. So far, the investigators have found no evidence of unauthorized access or compromise in any Malwarebytes production environments. The notice isn’t the first time investigators have said the SolarWinds software supply chain attack wasn’t the sole means of infection. When the mass compromise came to light last month, Microsoft said the hackers also stole signing certificates that allowed them to impersonate any of a target’s existing users and accounts through the Security Assertion Markup Language.
