Mimecast: SolarWinds Attackers Stole Source Code

2021-03-17 16:18

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm's source code repositories, according to an update by the company.

In the most recent part of its investigation into the SolarWinds hack, Mimecast said it has found evidence that a "Limited" number of source code repositories were also accessed.

The security vendor sought to downplay the impact of this access: "We believe that the source code downloaded by the threat actor was incomplete and would be insufficient to build and run any aspect of the Mimecast service," it said in a Tuesday update.

In January, Microsoft discovered that attackers had compromised a Mimecast-owned certificate, used to authenticate Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect products to Microsoft 365 Exchange Web Services.

Further information about the type of source code accessed is not available other than Mimecast saying that the source code accessed by attackers was "Incomplete;" Mimecast did not provide further information on the accessed source code when reached by Threatpost.

SolarWinds attackers also nabbed source code repositories from Microsoft.

News URL

https://threatpost.com/mimecast-solarwinds-attackers-stole-source-code/164847/

#mimecast #solarwinds #sourcecode

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Solarwinds		56	33	104	80	50	267