SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack. The complex cyberattack campaign against major US government agencies and corporations including Microsoft and FireEye has driven home the reality of how attackers are setting their sights on targets' cloud-based services such as Microsoft 365 and Azure Active Directory to access user credentials — and ultimately the organizations' most valuable and timely information. Today Malwarebytes revealed that it, too, was compromised by the same attackers who infected SolarWinds' Orion network management software to reach many of the targets in the campaign — but via a different attack vector that gained privileged access to 365 and Azure. "After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments," said Marcin Kleczynski, CEO and co-founder of Malwarebytes, said today in a blog post disclosing the breach, noting that Malwarebytes is not a SolarWinds customer.