HomeWinBuzzer NewsMalwarebytes Confirms SolarWinds-Related Attack Through Microsoft 365 and Azure

Malwarebytes Confirms SolarWinds-Related Attack Through Microsoft 365 and Azure

Security company Malwarebytes says it has been targeted by a SolarWinds-related attack coming from Microsoft services.


Major security and antivirus firm Malwarebytes says it was a victim of the recent breach through the Solarigate malware. Since last year, the state-backed breach has targeted users of the SolarWinds app Orion, including , , and government organizations.

In an official blog post, Malwarebytes points out it is not a user of SolarWinds apps. However, the company was breached through another vector that has already been compromised. The attack came from already breached apps that had access to and Azure services. Malwarebytes does use those two Microsoft services.

Attackers were able to access “a limited subset of internal company emails” but not any production systems.

Malwarebytes worked directly with the Microsoft Detection and Response Team (DART) to find the attack, says CEO Marcin Klecynski:

“Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert. The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails.”

Moving forward, Malwarebytes says it is working with other security firms to share information. It is hoped it will become easier to mitigate Solarigate attacks and find responses that work to stop breaches.


Earlier this month, the U.S. Department of Justice confirmed a Microsoft 365 breach related to the SolarWinds attack. According to the government agency, the breach left 3% of its mailbox vulnerable. However, no classified information was stolen during the attack.

While the Solarigate malware can be delivered through Microsoft services, it is not caused by them. Russia-backed threat actors used the avsvmcloud.com website to host a server for the Solorigate malware. The infection was sent to 18,000 SolarWinds Orion customers. Many of those users are major organizations and government departments.

Last month, Microsoft President Brad Smith said the attack creates “serious technological vulnerability for the United States and the world”.

Also in December, the and Infrastructure Security Agency (CISA) debuted a PowerShell tool to help Microsoft 365 customers mitigate Solarigate. Microsoft had recently confirmed stolen Azure/Microsoft 365 credentials and access tokens were a part of the breach.

Tip of the day:

Did you know that a virtual drive on can help you with disk management for various reasons? A virtual drive is just simulated by the platform as a separate drive while the holding file might be stored anywhere on your system .

The data in the drive is available in files or folders, which are represented by software in the operating system as a drive. In our tutorial we show you different ways how to setup and use such virtual drives.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News