It seems a particular group of malicious hackers is hell-bent on shaking the foundation of trust that many network and cybersecurity providers have worked to build as of late. In another bid not only to scrape intellectual property and correspondence (including any application development credentials), but to demonstrate its prowess by picking targets from among the average infosec professional’s household brand names, whoever is behind these attacks is making one thing clear: they’re out to make a name for themselves.
You might be growing tired of hearing “SolarWinds Orion” in trending posts, but it seems the same group is making a somewhat snarky point by attacking valuable cybersecurity names. And it is taking a lot of intellectual property with it.
As originally reported on Wednesday by threatpost.com, Malwarebytes got bitten by malware leveraging vulnerabilities in applications integrated with its Microsoft 365 and Azure environments. The attackers’ use of these apps’ API calls to Microsoft 365’s hosted service raised a red flag with Microsoft’s Security Response Center.
While the damage done was minimal (no internal penetration was found), the implications are concerning. What was the reason behind this attack? Perhaps they were just feeling around for where internal application development environments might be reached… or maybe they were testing security hardness in preparation for a larger effort to obtain additional security tools favored by the industry’s red teams.
Since this most recent attack bears a methodology similar to the one used by the SolarWinds APT, it indicates the same group is mounting a campaign of attacks aimed at gathering intelligence resources to fill the gaps in its capability infrastructure. This lays bare many of the tools of the trade and foments a sort of arms race in the development of security hardness across the industry.