Cybersecurity Firm Malwarebytes Hacked by 'Dark Halo,' Same Group That Breached SolarWinds Last Year - MalkamDior
It’s like a ghost hijacking, very difficult to detect - Malkam Dior - The hackers’ programming acumen let them forge the digital passports — known as certificates and tokens — needed to move around targets’ Microsoft 365 installations without logging in and authenticating identity. The same group that breached IT software company SolarWinds last year has hacked cybersecurity firm Malwarebytes, adding to the growing list of major security firms targeted by the group. In an emailed statement, a Malwarebytes spokeswoman said based on the techniques of the attack, the company believes it was "the same threat actor" that attacked SolarWinds. Malwarebytes said hackers used a weakness in the Azure Active Directory and malicious Office 365 applications to breach the company's internal systems, according to the story first reported by ZDNet . The company said the situation was not related to the SolarWinds' breach, as Malwarebytes doesn't use any
