Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks

Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.

Dark Reading Staff, Dark Reading

January 27, 2021

1 Min Read

Email security provider Mimecast today confirmed that the recently revealed compromise of a Mimecast-issued certificate for some of its products indeed stemmed from the SolarWinds attack campaign.

Mimecast earlier this month disclosed that an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The security vendor, which first learned of the breach from Microsoft, recommended that its affected customers delete the existing connection in their Microsoft 365 tenant and set up a new certificate-based connection with newly issued keys.

"Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor," Mimecast said in blog post today.

"Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes," the company said.

Read more here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights