Malwarebytes says some of its emails were breached by SolarWinds hackers

Cybersecurity company Malwarebytes said on Tuesday, January 19, that some of its emails were breached by the same hackers who used the software company SolarWinds to hack into a series of US government agencies.

In a statement, the Santa Clara, California-based company said that while it did not use software made by SolarWinds, the company at the center of the breach, it had been successfully targeted by the same hackers who were able to sneak into its Microsoft Office 365 and Microsoft Azure environments.

Malwarebytes said the hack gave the spies access to “a limited subset of internal company emails.” But it found no evidence of unauthorized access or compromise of its production environments – which could have had a potentially catastrophic impact because the company’s security products are used by millions of people.

“Our software remains safe to use,” the company’s statement said.

The disclosure was the latest in a series of announcements by digital security firms that they were either compromised or targeted by the hackers, who the US government has judged to be “likely Russian in origin.”

The SolarWinds hackers have previously been accused of stealing hacking tools from cybersecurity firm FireEye, accessing an unspecified number of source code repositories at Microsoft and hijacking digital certificates used by email defense firm Mimecast.

Cybersecurity firm CrowdStrike said late last month that it too had recently discovered an unsuccessful attempt to steal its emails. The company did not identify the hackers involved but two people familiar with its said they were the same suspected Russian hackers accused of breaching SolarWinds.

Russia has denied any involvement in the hacking spree.

In a message posted to Twitter, Malwarebytes’ Chief Executive Marcin Kleczynski said the hacking campaign “is much broader than SolarWinds and I expect more companies will come forward soon.” – Rappler.com