Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
January 27, 2021
Email security provider Mimecast today confirmed that the recently revealed compromise of a Mimecast-issued certificate for some of its products indeed stemmed from the SolarWinds attack campaign.
Mimecast earlier this month disclosed that an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The security vendor, which first learned of the breach from Microsoft, recommended that its affected customers delete the existing connection in their Microsoft 365 tenant and set up a new certificate-based connection with newly issued keys.
"Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor," Mimecast said in a blog post today.
"Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes," the company said.