Security vendor Malwarebytes hacked through Office 365 and Azure access

Malwarebytes is the latest IT security vendor to fall prey to the nation state actor said to be behind the SolarWinds supply chain hack that compromised the US Treasury and other government agencies as well.

Co-founder Marcin Kieczynski said that an investigation found that the attackers, believed to be Russian, gained access to a "a limited subset of internal company emails".

Kieczynski said Malwarebytes found no further breaches, and added that the company's software remains safe to use.

"Our internal systems showed no evidence of unauthorised access or compromise in any on-premises and production environments," he wrote.

The attacker is believed to have abused applications with privileged access to Microsoft Office 365 and the Azure cloud computing environment to breach Malwarebytes, Kieczynski said.

A flaw in Azure Active Directory discovered in 2019 allows attackers to abuse third-party applications to get access to tenants, Kieczynski said.

Threat actors may have obtained initial access with sufficient administrative privileges through password guessing and spraying.

In Malwarebytes' case, the attacker added a self-signed digital certificate with credentials to the service principal account.

This allowed the attacker to authenticate with the digital key generated and to make application programming interface calls to request emails via the Microsoft Graph application.

Malwarebytes does not use the SolarWinds Orion network monitoring tool that was compromised in the supply chain attack discovered last year.