More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack

Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it’s unclear if it was specifically targeted.

Email security company Mimecast reported a couple of weeks ago that a sophisticated threat group had obtained a certificate provided to certain customers for authenticating its products with Microsoft 365 services. The company had learned about the incident from Microsoft.

Some experts believed at the time that the incident may be related to the SolarWinds breach, and Mimecast on Tuesday confirmed that the theft of the certificate was indeed related to the SolarWinds software compromise and carried out by the same hackers.

“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes,” Mimecast said in a blog post.

It added, “Although we are not aware that any of the encrypted credentials have been decrypted or misused, we are advising customers hosted in the United States and United Kingdom to take precautionary steps to reset their credentials.”

SolarWinds said roughly 18,000 customers received a piece of malware named Sunburst through malicious updates for its Orion monitoring product, and a few hundred private and government organizations that were of interest to the attackers received additional payloads. An analysis of the command and control mechanisms used by Sunburst has allowed researchers to determine which organizations may have been specifically targeted by the hackers.

Based on such analysis, network forensics and security firm NETRESEC reported on Monday that one previously unidentified target of the SolarWinds hackers was information security and compliance company Qualys.

Qualys confirmed to SecurityWeek that it did find trojanized Orion software on its systems, but claimed impact was limited.

“As part of our standard research and engineering process our researchers downloaded and installed the impacted version of SolarWinds Orion software in a sandbox environment for evaluation. This sandbox environment is completely segregated from our production and customer data environments,” Qualys said. “Our security team conducted a detailed investigation and has confirmed there was no impact on our production environment.”

The analysis conducted by NETRESEC revealed nearly two dozen targets, including some major companies that have confirmed being hit, as well as several U.S. government organizations.

NETRESEC also uncovered data referencing “hq.fidelis,” which could be related to Fidelis Cybersecurity, a firm that provides threat detection and response solutions. Fidelis revealed on Tuesday that it also received a trojanized Orion update, but it currently does not believe that the attackers were able to deliver second-stage payloads. The company did not use SolarWinds products, but they were present on one machine as part of a software evaluation.

Other cybersecurity solutions providers that were targeted in the SolarWinds hack include Malwarebytes, FireEye, Palo Alto Networks, CrowdStrike, Microsoft, and Cisco. These companies have said either that the attackers failed to achieve their goal or that the impact was limited.

Related: SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Related: SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.