More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack

Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it’s unclear if it was specifically targeted.

Email security company Mimecast reported a couple of weeks ago that a sophisticated threat group had obtained a certificate provided to certain customers for authenticating its products with Microsoft 365 services. The company had learned about the incident from Microsoft.

Some experts believed at the time that the incident may be related to the SolarWinds breach, and Mimecast on Tuesday confirmed that the theft of the certificate was indeed related to the SolarWinds software compromise and carried out by the same hackers.

“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes,” Mimecast said in a blog post.

It added, “Although we are not aware that any of the encrypted credentials have been decrypted or misused, we are advising customers hosted in the United States and United Kingdom to take precautionary steps to reset their credentials.”

SolarWinds said roughly 18,000 customers received a piece of malware named Sunburst through malicious updates for its Orion monitoring product, and a few hundred private and government organizations that were of interest to the attackers received additional payloads. Analysis of the command and control mechanisms used by Sunburst has allowed researchers to determine which organizations may have been specifically targeted by the hackers.

Based on such analysis, network forensics and security firm NETRESEC reported on Monday that one previously unidentified target of the SolarWinds hackers was information security and compliance company Qualys.

Qualys confirmed to SecurityWeek that it did find trojanized Orion software on its systems, but said the impact was limited.

“As part of our standard research and engineering process our researchers downloaded and installed the impacted version of SolarWinds Orion software in a sandbox environment for evaluation. This sandbox environment is completely segregated from our production and customer data environments,” Qualys said. “Our security team conducted a detailed investigation and has confirmed there was no impact on our production environment.”

The analysis conducted by NETRESEC revealed nearly two dozen targets, including some major companies that have confirmed being hit, as well as several U.S. government organizations.

NETRESEC also uncovered data referencing “hq.fidelis,” which could be related to Fidelis Cybersecurity, a firm that provides threat detection and response solutions. Fidelis revealed on Tuesday that it also received a trojanized Orion update, but it currently does not believe that the attackers were able to deliver second-stage payloads. The company did not use SolarWinds products, but they were present on one machine as part of a software evaluation.

Other cybersecurity solutions providers that were targeted in the SolarWinds hack include Malwarebytes, FireEye, Palo Alto Networks, CrowdStrike, Microsoft, and Cisco. These companies either said that the attackers failed to achieve their goal or that the impact was limited.

Related: SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Related: SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
