Security Experts:

Connect with us

Hi, what are you looking for?



Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers.

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers.

According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services.

“As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available,” Mimecast said in a statement. “Taking this action does not impact inbound or outbound mail flow or associated security scanning.”

The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers’ communications.

Mimecast did say that roughly 10 percent of its customers used the impacted connection. The company claims to have over 36,000 customers across more than 100 countries, but the incident is believed to have impacted only “a low single digit number” of its customers’ Microsoft 365 tenants.

Mimecast said affected customers have been alerted and a third-party forensics firm has been called in to help investigate the incident.

According to Reuters, people with knowledge of the situation believe this incident may be related to the recently disclosed supply chain attack involving Texas-based IT management solutions provider SolarWinds.

The SolarWinds attack resulted in trojanized software updates being delivered to roughly 18,000 of the company’s customers. The attackers then delivered other payloads to a few hundred government and private organizations that presented an interest.

The attack on SolarWinds is believed to be the work of Russian cyberspies. The U.S. government said Russia is likely behind the attack and the malware used in the SolarWinds attack has been connected to a known Russian cyberspy group.

Related: ‘Sunspot’ Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack

Related: Hackers Using Stolen D-Link Certificates for Malware Signing

Related: Comodo Issued Most Certificates for Signed Malware on VirusTotal

Related: Sectigo Revokes Certificates Used to Sign Malware Following Recent Report

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.