Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers.

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers.

According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services.

“As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available,” Mimecast said in a statement. “Taking this action does not impact inbound or outbound mail flow or associated security scanning.”

The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers’ communications.

Mimecast did say that roughly 10 percent of its customers used the impacted connection. The company claims to have over 36,000 customers across more than 100 countries, but the incident is believed to have impacted only “a low single digit number” of its customers’ Microsoft 365 tenants.

Mimecast said affected customers have been alerted and a third-party forensics firm has been called in to help investigate the incident.

According to Reuters, people with knowledge of the situation believe this incident may be related to the recently disclosed supply chain attack involving Texas-based IT management solutions provider SolarWinds.

The SolarWinds attack resulted in trojanized software updates being delivered to roughly 18,000 of the company’s customers. The attackers then delivered other payloads to a few hundred government and private organizations that presented an interest.

Advertisement. Scroll to continue reading.

The attack on SolarWinds is believed to be the work of Russian cyberspies. The U.S. government said Russia is likely behind the attack and the malware used in the SolarWinds attack has been connected to a known Russian cyberspy group.

Related: ‘Sunspot’ Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack

Related: Hackers Using Stolen D-Link Certificates for Malware Signing

Related: Comodo Issued Most Certificates for Signed Malware on VirusTotal

Related: Sectigo Revokes Certificates Used to Sign Malware Following Recent Report

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

Chris Burger has been named Chief Information Security Officer at F5.

Bedrock Security has appointed George Gerchow as Chief Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.