Cloud-based email security provider Mimecast says a sophisticated cyber actor has compromised a digital certificate it uses to authenticate connections between its products and Microsoft cloud servers.
In a Tuesday post, the company said it was recently informed by Microsoft that “significant threat actor” compromised a certificate it issued to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor and IEP products to Microsoft 365 Exchange Web Services.
Mimecast is now asking its customers to delete the existing connection within their Microsoft 365 tenant and re-establish a new certificate-based connection using the new certificate it had made available.
According to the company, about 10% of its customers use this compromised connection. Further, there are only a “low single digit number” of its customers that were targeted.
Deleting the existing connection and re-establishing a new certificate-based connection won’t impact inbound or outbound mail flow or scanning, the company says.
Read Next: US Department of Justice Says SolarWinds Hackers Viewed Internal Emails
“The security of our customers is always our top priority,” Mimecast’s statement says. “We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate.”
The company’s four-paragraph statement provided no further details, but new reporting from Reuters suggests that the hackers responsible for the Mimecast compromise could be the same behind the SolarWinds supply chain compromise.
“Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies,” Reuters reported.
Hackers were able to compromise SolarWinds’ Orion IT management platform with malicious code that gave hackers access to nearly 18,000 of its customers, though the targets of the suspected Russian hacking group are so far highly targeted within government, higher education and technology sectors.
Leave a Reply