Malwarebytes assures its anti-malware users, however, that it conducted an extensive investigation and determined that the attackers only gained access to a limited subset of internal company emails. Upon examining its source code and reverse engineering its software, it found no evidence of unauthorized access. Malwarebytes stresses that it doesn’t use Microsoft’s Azure cloud services and that its software remains safe to use.
The SolarWinds hack started sometime in March after attackers breached the company’s Orion network management tools. They used a vulnerability in that product to infiltrate the systems of SolarWinds’ customers, including Microsoft, the DOJ and the US Department of Energy and National Nuclear Security Administration. Representatives from the FBI, NSA and Cybersecurity and Infrastructure Security Agency recently published a joint statement naming Russia as the most likely entity behind the hacks.