The American security company Malwarebytes said today that it had been violated by her team which he violated the company SolarWinds last year.
Malwarebytes said its intrusion was not related to the SolarWinds incident, as the company does not use any SolarWinds software within its network.
The security company said the attackers compromised their internal systems by exploiting a vulnerability in the Azure Active Directory and through vulnerable Office 365 applications.
Malwarebytes said they learned about the hack from Microsoft Security Response Center (MSRC) on December 15th.
At the time, Microsoft was testing the Office 365 and Azure infrastructure for malicious signs of malware. by SolarWinds hackers, also known in cyber security cycles as UNC2452 or Dark Halo.
Malwarebytes said that as soon as it learned of the breach, it launched an internal investigation to determine what hackers had access to.
"After extensive investigation, we decided that the attacker only had access to a limited subset of the company's internal emails," said Marcin Kleczynski, co-founder and current CEO of Malwarebytes.
Because the same hackers breached SolarWinds and then moved to "poison" the company's software with malware Sunburst, Kleczynski said they also conducted a very thorough audit of all of the company's products and source code looking for any sign of a breach.
"Our internal systems showed no indication of unauthorized access to any environment and production site.
"Our software remains safe to use," Kleczynski added.
Following today's revelation, Malwarebytes becomes the fourth security company breached by the UNC2452 / Dark Halo team, which US officials have linked to a Russian government spy operation.
The others Companies were the FireEye, Microsoft and CrowdStrike.
