Mimecast Breach Linked To SolarWinds Hack, Allowed Cloud Services Access
Mimecast said Tuesday that its certificate compromise was carried out by the same threat actor behind the SolarWinds attack and provided hackers with access to customers’ on-premises and cloud services. By Michael Novinson January 26, 2021, 10:24 AM EST
Mimecast’s certificate compromise was carried out by the same threat actor behind the SolarWinds attack and gave hackers access to customers’ on-premises and cloud services.
The Lexington, Mass.-based email security vendor said the SolarWinds hackers accessed and potentially exfiltrated encrypted customer service account credentials that established a connection from their Mimecast tenants to on-premises and cloud services. Federal officials said Jan. 5 the SolarWinds hack was carried out by a Russian Advanced Persistent Threat group for intelligence-gathering purposes.
SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
‘Attackers leveraged a dormant email production product within our Office 365 tenant that allowed access to a limited subset of internal company emails,’ Malwarebytes CEO Marcin Kleczynski wrote in a blog post. By Michael Novinson January 20, 2021, 11:48 AM EST
The Russian hackers behind the massive SolarWinds attack gained access to a limited subset of Malwarebytes’ internal company emails stored in Microsoft Office 365.
The Santa Clara, Calif.-based endpoint security vendor said it received information Dec. 15 from the Microsoft Security Response Center about suspicious activity from a third-party application in its Office 365 tenant, Malwarebytes CEO Marcin Kleczynski wrote in a blog post Tuesday. The suspicious activity was consistent with the tactics, techniques of procedures of the hacker behind the SolarWinds attack.
Plus: Watch out for NTFS-corrupting folder, Mimecast hack, and more Share
Copy
In brief Last week ended with news that the venerable infosec mailing list Bugtraq was being shutdown at the end of the month.
From its first posts in November 1993, Bugtraq aimed to get details of vulnerabilities, as well as defence and exploitation techniques, onto netizens radar, and discussed among admins and security researchers. Posts to this once high-volume Symantec-owned list stopped on February 22 last year, and now we know why – a lack of funding and resources. Assets of Symantec were acquired by Broadcom in late 2019, and some of those assets were then acquired by Accenture in 2020, an email from the list administrators read.
Get Permission
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft’s servers, putting organizations at risk of data loss.
The certificate, which is issued by Mimecast, encrypts data exchanged between the company’s Sync and Recover, Continuity Monitor and Internal Email Protect products and Microsoft 365 Exchange Web Services.
Mimecast, which is based in London, says that 10% of its customers, or about 3,900, use this type of connection between its products and Microsoft. In its last earnings call in November 2020, Mimecast reported it has 39,200 customers around the world.