
Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

Mimecast said on Tuesday that “a sophisticated threat actor” had
compromised a digital certificate it provided to certain customers
to securely connect its products to Microsoft 365 (M365)
Exchange.

The discovery was made after Microsoft notified the company of
the breach, the London-based company said in an alert[1]
posted on its website, adding that it has reached out to the impacted
organizations to remediate the issue.

The company didn’t elaborate on what type of certificate was
compromised, but Mimecast offers seven different digital
certificates[2], based on geographical location, that must be
uploaded to M365 to create a server Connection in Mimecast.

“Approximately 10 percent of our customers use this connection,”
the company said. “Of those that do, there are indications that a
low single digit number of our customers’ M365 tenants were
targeted.”

Mimecast is a cloud-based email management service for Microsoft
Exchange and Microsoft Office 365 that offers users an email security
and continuity platform to safeguard them from spam, malware, phishing,
and targeted attacks.

The compromised certificate is used to verify and authenticate
Mimecast Sync and Recover[3], Continuity Monitor[4], and Internal Email
Protect (IEP[5]) products to M365
Exchange Web Services.

Such a breach could result in a
man-in-the-middle (MitM) attack, where an adversary could
potentially take over the connection and intercept email traffic,
and even steal sensitive information.

As a precaution to prevent future abuse, the company said it’s
asked its customers to delete the existing connection within their
M365 tenant with immediate effect and re-establish a new
certificate-based connection using the new certificate that it has
made available.

“Taking this action does not impact inbound or outbound mail
flow or associated security scanning,” Mimecast stated in its
advisory.

An investigation into the incident is ongoing, with the company
noting that it will work closely with Microsoft and law enforcement
as appropriate.

The development comes as Reuters, citing sources, said[6]
the hackers who compromised Mimecast were the same group that
breached U.S. software maker SolarWinds[7]
and a host of sensitive U.S. government agencies.

We have reached out to Mimecast for more information, and we’ll
update the story if we hear back.

References

  1. said in an alert (www.mimecast.com)
  2. seven different digital certificates (community.mimecast.com)
  3. Sync and Recover (community.mimecast.com)
  4. Continuity Monitor (community.mimecast.com)
  5. IEP (www.mimecast.com)
  6. said (www.reuters.com)
  7. SolarWinds (thehackernews.com)
