Mimecast warns of certificate theft.
Mimecast, a company that offers email security services for Microsoft Office 365 accounts, warned on Tuesday that "a sophisticated threat actor" had compromised one of its certificates used to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services. The certificate would have allowed the actors to intercept inbound and outbound email traffic, Threatpost explains.
Mimecast stated, "Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted." (Reuters notes that Mimecast has upwards of 36,000 customers.) Mimecast adds, "As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available. Taking this action does not impact inbound or outbound mail flow or associated security scanning."
Reuters cites anonymous security-industry sources who suspect that the hackers who compromised Mimecast's certificates are the same threat actors behind the Solarigate incident. The Wall Street Journal says the Mimecast hackers "used tools and techniques" that tie them to the SolarWinds breach.