Email security provider Mimecast today confirmed that the recently revealed compromise of a Mimecast-issued certificate for some of its products indeed stemmed from the SolarWinds attack campaign.
Mimecast earlier this month disclosed that an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The security vendor, which first learned of the breach from Microsoft, recommended that its affected customers delete the existing connection in their Microsoft 365 tenant and set up a new certificate-based connection with newly issued keys.
"Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor," Mimecast said in blog post today.
"Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes," the company said.
Read more here.