Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion (Security News, March 2021)
Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year downloaded source code from a limited number of repositories.
To breach Mimecast's network, the attackers used the Sunburst backdoor, malware that the SolarWinds hackers distributed to roughly 18,000 SolarWinds customers through the compromised auto-update mechanism of the SolarWinds Orion IT monitoring platform.
The company believes that the source code exfiltrated by the attackers is incomplete and insufficient to develop a working version of the Mimecast service.
During the investigation, Mimecast discovered additional access methods established by the SolarWinds hackers to maintain access to compromised Windows systems on the company's production grid environment.
Mimecast reset all "affected hashed and salted credentials" after also recommending that customers hosted in the US and the UK reset any server connection credentials they use on the Mimecast platform.
Around the time Mimecast disclosed their breach, cybersecurity firm Malwarebytes also confirmed that the SolarWinds hackers could access some internal company emails.