Mimecast may also have been a victim of the SolarWinds hack campaign

News
By published

Compromised certificate is used by 10 percent of Mimecast's customers

Hacker Typing
(Image credit: Shutterstock)

Mimecast could also be a potential victim of the recent SolarWinds hack as the company has revealed that one of its certificates used to authenticate its products to Microsoft 365 Exchange Web Services was compromised by a sophisticated threat actor.

The email and data security company said the compromised certificate is used to authenticate its Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products. However, it wasn't Mimecast that discovered the compromised certificate but rather Microsoft.

In a blog post informing its users of the compromised certificate, Mimecast explained that 10 percent of its customers are affected, saying:

“Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted. We have already contacted these customers to remediate the issue. The security of our customers is always our top priority. We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate.”

Compromised certificate

Mimecast is advising the 10 percent of its customer base using the compromised certificate to immediately delete the exiting connection within their Microsoft 365 tenant. These customers should then re-establish a new connection using a new certificate that the company has made available.

In a statement to CRN, a spokesperson from Microsoft said that it will be blocking the compromised certificate, saying:

“We can confirm that a certificate provided by Mimecast was compromised by a sophisticated actor. This certificate enables their customers to connect certain Mimecast applications to their M365 tenant. At Mimecast’s request, we are blocking this certificate on Monday, January 18, 2021.”

The reason that Mimecast may have been attacked by the same threat actor behind the SolarWinds hack is due to the fact that these hackers often add authentication tokens and credentials to Microsoft Active Directory domain accounts in order to maintain persistence on a network and to achieve privilege escalation. According to CISA, these tokens enable access to both an organization's on-premises and hosted resources.

Mimecast is currently investigating the matter further and we'll likely find out if there is a connection to the SolarWinds hack once the company's investigation is concluded.

Via CRN

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
An Apple Music pink/pixellated poster advertising DJ with Apple Music
DJ with Apple Music lands, allowing subscribers to build and mix DJ sets directly from its +100 million-song catalog
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Beelink EQi 12 mini PC

I’ve never seen a PC with an Intel Core i3 CPU, 24GB RAM, 500GB SSD and two Gb LAN ports sell for so cheap
See more latest
Most Popular
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
Data leak
A major Keenetic router data leak could put a million households at risk
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 26 (game #1157)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 26 (game #388)