Cybersecurity company Malwarebytes said on Tuesday that some of its emails were breached by the same hackers who used the software company SolarWinds to hack into a series of US government agencies.
In a statement, the Santa Clara, California-based company said that while it did not use software made by SolarWinds, the software company at the center of the breach, it had been successfully targeted by the same set of hackers using a different technique.
They got in by gaining access to the company’s Microsoft Office 365 and Microsoft Azure environments, the company said.
Malwarebytes said the hack gave the spies access to “a limited subset of internal company emails” but that it found no evidence of unauthorized access or compromise of its production environments - which could have had a potentially catastrophic impact because the company’s security products are used by millions of people.
“Our software remains safe to use,” the company’s statement said.
The disclosure was the latest in a series of announcements by digital security firms that they were either compromised or targeted by the hackers, who the US government has judged to be “likely Russian in origin.”
The SolarWinds hackers have previously been accused of stealing hacking tools from cybersecurity firm FireEye, accessed an unspecified number of source code repositories at Microsoft and hijacked digital certificates used by email defense firm Mimecast.
Cybersecurity firm CrowdStrike said late last month that it too had recently discovered that an advanced hacking group tried to steal its emails, although it said the attempt was unsuccessful.
CrowdStrike did not identify the hackers involved. But two people familiar with CrowdStrike’s investigation said they were the same suspected Russian hackers accused of breaching SolarWinds.
Russia has denied any involvement in the hacking spree.