Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion
Security News, March 2021

Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year downloaded source code out of a limited number of repositories.
To breach Mimecast's network, the attackers used the Sunburst backdoor, a malware distributed by the SolarWinds hackers to roughly 18,000 SolarWinds customers using the compromised auto-update mechanism of the SolarWinds Orion IT monitoring platform.
The company believes that the source code exfiltrated by the attackers is incomplete and insufficient to develop a working version of the Mimecast service.
During the investigation, Mimecast discovered additional access methods established by the SolarWinds hackers to maintain access to compromised Windows systems on the company's production grid environment.
Mimecast reset all "Affected hashed and salted credentials" and also recommended that customers hosted in the US and the UK reset any server connection credentials they use on the Mimecast platform.
Around the time Mimecast disclosed their breach, cybersecurity firm Malwarebytes also confirmed that the SolarWinds hackers could access some internal company emails.