Suspected Russian Hackers Targeted Cyber Firm Malwarebytes


(Bloomberg) — Suspected Russian hackers targeted the cybersecurity company Malwarebytes Inc. in the course of a sprawling cyber-attack that breached U.S. government agencies and companies.



a close up of a computer keyboard: A person uses a laptop computer with illuminated English and Russian Cyrillic character keys in this arranged photograph in Moscow, Russia, on Thursday, March 14, 2019. Russian internet trolls appear to be shifting strategy in their efforts to disrupt the 2020 U.S. elections, promoting politically divisive messages through phony social media accounts instead of creating propaganda themselves, cybersecurity experts say.


© Bloomberg
A person uses a laptop computer with illuminated English and Russian Cyrillic character keys in this arranged photograph in Moscow, Russia, on Thursday, March 14, 2019. Russian internet trolls appear to be shifting strategy in their efforts to disrupt the 2020 U.S. elections, promoting politically divisive messages through phony social media accounts instead of creating propaganda themselves, cybersecurity experts say.

The attacker abused “applications with privileged access to Microsoft Office 365 and Azure environments,” according to a Tuesday blog post by Chief Executive Officer Marcin Kleczynski. He said the attack was part of the same hacking campaign that has utilized infected software from SolarWinds Corp. to target other organizations.

Loading...

Load Error

“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments,” Kleczynski wrote.

U.S. intelligence agencies and the FBI have said the recent hacking campaign — which was found and disclosed by the cybersecurity firm FireEye Inc. in December — was likely undertaken by Russia. In many instances, attackers broke into systems through a compromised version of widely used software from Texas-based SolarWinds Corp.

However, analysts have said that SolarWinds’s software wasn’t the only method the suspected Russian hackers used to breach networks. On Tuesday, the firm Symantec discovered a new form of malware used in the attack that wasn’t delivered through SolarWinds, suggesting the hack could be broader than previously understood. The firm CrowdStrike Inc. said the hackers had attempted to break into their networks by compromising a third-party vendor that resells Microsoft services. If a reseller is breached and has access to a client’s credentials, the attacker could then hack into the client’s networks.

On Dec. 15,…

Source…