The Mimecast certificate compromise reported earlier in January is part of the sprawling SolarWinds supply-chain attack, the security firm has confirmed.

Mimecast joins other cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys in being targeted in the attack.

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” the email-protection company announced in mid-January. That caused speculation that the breach was related to SolarWinds, which the firm confirmed in an update this week.

“Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor,” it announced. “It is clear that this incident is part of a highly sophisticated large-scale attack and is focused on specific types of information and organizations.”

The SolarWinds espionage attack, which has affected several U.S. government agencies and many others, began with a poisoned software update that delivered the Sunburst backdoor to around 18,000 organizations last spring. After that broad-brush attack, the threat actors (believed to have links to Russia) selected specific targets to further infiltrate, which they did over the course of several months. The compromises were first discovered in December.

Exfiltrated Mimecast Customer Information

Mimecast provides email-security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers. The certificate in question was used to verify and authenticate those connections made to Mimecast’s Sync and Recover (backups for mailbox folder structure, calendar content and contacts from Exchange On-Premises or Microsoft 365 mailboxes), Continuity Monitor (looks for disruptions in email traffic) and Internal Email Protect (IEP) (inspects internally generated emails for malicious links, attachments or for sensitive content).

A compromise means that cyberattackers could take over the connection, through which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers’ Microsoft 365 Exchange Web Services and steal information.