Security News > 2021 > January > Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users connect to, it would allow an attacker that was able to man-in-the-middle the user-to-server connection to easily decrypt the encrypted data stream and access potentially sensitive information."
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.
When reached for comment, a Mimecast spokesperson only said, "Our investigation is ongoing and we don't have anything additional to share at this time. All updates from Mimecast will be delivered through our blog."
In the meantime, Mimecast has issued a new certificate and is urging users to re-establish their connections with the fresh authentication.
Researchers speaking anonymously to Reuters about the Mimecast incident told the outlet that they suspected the same advanced persistent threat responsible for the SolarWinds supply-chain attack is at work here.
"The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies," Saryu Nayyar, CEO at Gurucul, said via email.
News URL
https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/