Security News > 2021 > March > Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion
Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year downloaded source code out of a limited number of repositories.
To breach Mimecast's network, the attackers used the Sunburst backdoor, a malware distributed by the SolarWinds hackers to roughly 18,000 SolarWinds customers using the compromised auto-update mechanism of the SolarWinds Orion IT monitoring platform.
The company believes that the source code exfiltrated by the attackers is incomplete and insufficient to develop a working version of the Mimecast service.
During the investigation, Mimecast discovered additional access methods established by the SolarWinds hackers to maintain access to compromised Windows systems on the company's production grid environment.
Mimecast reset all "Affected hashed and salted credentials" after also recommending customers hosted in the US and the UK to reset any server connection credentials they use on the Mimecast platform.
Around the time Mimecast disclosed their breach, cybersecurity firm Malwarebytes also confirmed that the SolarWinds hackers could access some internal company emails.
News URL
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)