Security News > 2021 > March > Mimecast: SolarWinds Attackers Stole Source Code

Mimecast: SolarWinds Attackers Stole Source Code
2021-03-17 16:18

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm's source code repositories, according to an update by the company.

In the most recent part of its investigation into the SolarWinds hack, Mimecast said it has found evidence that a "Limited" number of source code repositories were also accessed.

The security vendor sought to downplay the impact of this access: "We believe that the source code downloaded by the threat actor was incomplete and would be insufficient to build and run any aspect of the Mimecast service," it said in a Tuesday update.

In January, Microsoft discovered that attackers had compromised a Mimecast-owned certificate, used to authenticate Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect products to Microsoft 365 Exchange Web Services.

Further information about the type of source code accessed is not available other than Mimecast saying that the source code accessed by attackers was "Incomplete;" Mimecast did not provide further information on the accessed source code when reached by Threatpost.

SolarWinds attackers also nabbed source code repositories from Microsoft.


News URL

https://threatpost.com/mimecast-solarwinds-attackers-stole-source-code/164847/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215