We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary measures. A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations.