Security News > 2021 > January > Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information."
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.
When reached for comment, a Mimecast spokesperson only said, "Our investigation is ongoing and we don't have anything additional to share at this time. All updates from Mimecast will be delivered through our blog."
In the meantime, Mimecast has issued a new certificate and is urging users to re-establish their connections with the fresh authentication.
Researchers speaking anonymously to Reuters about the Mimecast incident told the outlet that they suspected the same advanced persistent threat responsible for the SolarWinds supply-chain attack is at work here.
"The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies," Saryu Nayyar, CEO at Gurucul, said via email.
News URL
https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
Related news
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Microsoft warns Gmail blocks some Outlook email as spam, shares fix (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft breach allowed Russian spies to steal emails from US government (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Microsoft will limit Exchange Online bulk emails to fight spam (source)