Security News > 2021 > January > Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information."
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.
When reached for comment, a Mimecast spokesperson only said, "Our investigation is ongoing and we don't have anything additional to share at this time. All updates from Mimecast will be delivered through our blog."
In the meantime, Mimecast has issued a new certificate and is urging users to re-establish their connections with the fresh authentication.
Researchers speaking anonymously to Reuters about the Mimecast incident told the outlet that they suspected the same advanced persistent threat responsible for the SolarWinds supply-chain attack is at work here.
"The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies," Saryu Nayyar, CEO at Gurucul, said via email.
News URL
https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
Related news
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (source)
- Microsoft fixes Outlook email sending issue for users with many folders (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Over 5,000 Fake Microsoft Notifications Fueling Email Compromise Campaigns (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Outlook bug blocks email logins, causes app crashes (source)