The email security vendor on Tuesday became one of the first SolarWinds hack victims to publicly announce they’re dumping the industry-leading Orion network monitoring platform for a competing product. Industry experts had considered it unlikely that the hack would lead to many customers getting rid of SolarWinds due to the unique visibility and monitoring features Orion offers.
SolarWinds told CRN the vast majority of its customers continue to operate the Orion Platform, and the company said it’s taking all appropriate steps to protect them. Mimecast declined to comment further on the switch from Orion to NetFlow, and Cisco and SolarWinds didn’t immediately respond to CRN USA requests for comment. Cisco NetFlow has since 1996 given visibility into how network assets are being used, with a focus on figuring out who is using the network, the destination of traffic, when the network is utilized, and the type of applications consuming bandwidth.
Hackers also managed to access a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials.
“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” the company added.
Mimecast added that it had no evidence that the threat actor accessed email or archive content held by the company on behalf of its customers.
The company was notified by Microsoft in January that a certificate it provided to customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised by a threat actor Microsoft was actively investigating.
iTWire Wednesday, 17 March 2021 09:58 Mimecast says source code was stolen by SolarWinds attackers Featured Pixabay
Email security firm Mimecast says a hit on its infrastructure by attackers who used the SolarWinds supply chain to gain access, went deeper than already reported, with some of the company s source code being stolen.
The company
said on Tuesday, in an update to two previous blog posts on the same topic, that the threat actor(s) had gained additional access to its production grid and compromised a number of Windows systems.
On 14 January, Mimecast issued an announcement
saying that a certificate it had issued for authentication of Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised.
A new Mimecast update reveals the SolarWinds hackers accessed several “limited” source code repositories.
Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company.
The email security firm initially reported that a certificate compromise in January was part of the sprawling SolarWinds supply-chain attack that also hit Microsoft, FireEye and several U.S. government agencies.
Attackers were found initially to have stolen a subset of Mimecast customers’ email addresses and other contact information, as well as certain hashed and salted credentials. However, in the most recent part of its investigation into the SolarWinds hack, Mimecast said it has found evidence that a “limited” number of source code repositories were also accessed.
Mimecast has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system after hackers compromised a Mimecast certificate used for Microsoft authentication.