Malwarebytes, the security company, now says it has been hacked, probably by the same individuals behind the large, wide-ranging SolarWinds intrusion.
The intrusion took place sometime in December, and the hackers are believed to have gotten in via Office 365 and the Azure cloud service.
We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks.
We immediately activated our incident response group and engaged Microsoft’s Detection and Response Team (DART). Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert. The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails. We do not use Azure cloud services in our production environments.
Suspicious
Malwarebytes says it has gone through its source code and all the components that make up its services and products without finding anything suspicious or abnormal.