Security vendor Malwarebytes hacked through Office 365 and Azure access

Nation state actor behind SolarWinds breach implicated.

Malwarebytes is the latest IT security vendor to fall prey to the nation state actor said to be behind the SolarWinds supply chain hack that compromised the US Treasury and other government agencies.

Co-founder Marcin Kieczynski said that an investigation found that the attackers, believed to be Russian, gained access to "a limited subset of internal company emails".

Kieczynski said Malwarebytes found no further breaches, and added that the company's software remains safe to use.

"Our internal systems showed no evidence of unauthorised access or compromise in any on-premises and production environments," he wrote.

The attacker is believed to have abused applications with privileged access to Microsoft Office 365 and the Azure cloud computing environment to breach Malwarebytes, Kieczynski said.

A flaw in Azure Active Directory discovered in 2019 allows attackers to abuse third-party applications to get access to tenants, Kieczynski said.

Threat actors may have obtained initial access with sufficient administrative privileges through password guessing and spraying.

In Malwarebytes' case, the attacker added a self-signed digital certificate with credentials to the service principal account.

This allowed the attacker to authenticate with the digital key generated and to make application programming interface calls to request emails via the Microsoft Graph application.
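A defender-side check for the technique described above, as an added example that is not from the article or from Malwarebytes: it scans Azure AD audit events for credentials newly attached to an application or service principal. The field names, activity names and `KeyDescription` layout follow the Microsoft Graph directory audit export as an assumption; the function names, events, account names and key IDs are constructed.

```python
import re

# Audit activities that record credential changes on apps and service principals.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application – Certificates and secrets management",
}
ENTRY = re.compile(r"\[([^\[\]]+)\]")  # one "[KeyIdentifier=...,KeyType=...]" entry
FIELD = re.compile(r"(KeyIdentifier|KeyType|KeyUsage)=([^,\]]+)")

def parse_keys(value):
    """Map KeyIdentifier -> fields for every entry in a KeyDescription value."""
    keys = {}
    for entry in ENTRY.findall(value or ""):
        fields = dict(FIELD.findall(entry))
        if "KeyIdentifier" in fields:
            keys[fields["KeyIdentifier"]] = fields
    return keys

def added_credentials(events):
    """Return one finding per credential present in newValue but not in oldValue."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        who = ev.get("initiatedBy") or {}
        actor = ((who.get("user") or {}).get("userPrincipalName")
                 or (who.get("app") or {}).get("displayName") or "unknown")
        for target in ev.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                if prop.get("displayName") != "KeyDescription":
                    continue
                old, new = parse_keys(prop.get("oldValue")), parse_keys(prop.get("newValue"))
                for key_id in sorted(new.keys() - old.keys()):
                    findings.append({"time": ev.get("activityDateTime"), "actor": actor,
                                     "target": target.get("displayName"), "key_id": key_id,
                                     "is_certificate": new[key_id].get("KeyType") == "AsymmetricX509Cert"})
    return findings

# Constructed sample events (not real tenant data).
SAMPLE_EVENTS = [
    {"activityDisplayName": "Add service principal credentials",
     "activityDateTime": "2021-01-01T00:00:00Z",
     "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}},
     "targetResources": [{"displayName": "Mail Archive Connector", "modifiedProperties": [
         {"displayName": "KeyDescription", "oldValue": "[]", "newValue":
          '["[KeyIdentifier=11111111-1111-1111-1111-111111111111,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=CN=example]"]'}]}]},
    {"activityDisplayName": "Update user", "targetResources": []},
]
```

Comparing `oldValue` with `newValue` keeps routine rotations from re-reporting keys that were already present, so each finding is a credential that did not exist before the event.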

Malwarebytes does not use the SolarWinds Orion network monitoring tool that was compromised in the supply chain attack discovered last year.

Copyright © iTnews.com.au. All rights reserved.