Security News > 2021 > January > Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information."
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.
When reached for comment, a Mimecast spokesperson only said, "Our investigation is ongoing and we don't have anything additional to share at this time. All updates from Mimecast will be delivered through our blog."
In the meantime, Mimecast has issued a new certificate and is urging users to re-establish their connections with the fresh authentication.
Researchers speaking anonymously to Reuters about the Mimecast incident told the outlet that they suspected the same advanced persistent threat responsible for the SolarWinds supply-chain attack is at work here.
"The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies," Saryu Nayyar, CEO at Gurucul, said via email.
News URL
https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
Related news
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)