Malwarebytes emails targeted by SolarWinds hackers

20 Jan 2021

Image: © wavemovies/

The company said some emails were breached by the attackers but its software products are still safe to use.

Cybersecurity firm Malwarebytes has said it was targeted by the same group of hackers that recently attacked SolarWinds.

The SolarWinds breach saw hackers break into the systems of the IT software provider used by many companies and US government agencies, allowing hackers to breach several agencies. The US has pointed the finger at Russia, saying earlier this month that the hack was “likely Russian in origin”, but Russia has denied responsibility.

While Malwarebytes said it doesn’t use any SolarWinds software, it believes its emails were breached by the same culprits.

Chief executive Marcin Kleczynski said Malwarebytes was alerted to suspicious activity in its systems by the Microsoft Security Response Center, which was “consistent with the tactics, techniques and procedures” used by the SolarWinds attackers.

“The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails,” he said.

Malwarebytes carried out an investigation of its source code to ensure that it had not been breached in the same way as SolarWinds, where the Sunburst malware had wreaked havoc. But Malwarebytes said it found no evidence of an attack beyond the emails that were breached.

“Our internal systems showed no evidence of unauthorised access or compromise in any on-premises and production environments. Our software remains safe to use,” Kleczynski said.

Several major cybersecurity companies have reported being the target of attacks in recent weeks, including FireEye, email security firm Mimecast and CrowdStrike, which also found an attempt to access its emails.

In response to the attacks, FireEye recently released a free tool for companies to assess their systems for any clues consistent with the techniques used by the SolarWinds hackers.

Since the attacks on SolarWinds were first discovered last year, variations of the attackers’ malware have been discovered with up to four different types believed to have been used. This week, Symantec uncovered the latest new strain, which it has called Raindrop.

Jonathan Keane is a freelance business and technology journalist based in Dublin