Mimecast says SolarWinds hackers breached its network and spied on customers

by Dan Goodin, from Ars Technica

Email-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack.

The hackers, who US intelligence agencies have said likely have Russian origins, used a backdoored update for SolarWinds Orion software to target a small number of Mimecast customers. Exploiting the Sunburst malware sneaked into the update, the attackers first gained access to part of the Mimecast production-grid environment. They then accessed a Mimecast-issued certificate that some customers use to authenticate various Microsoft 365 Exchange web services.

Tapping Microsoft 365 connections

Working with Microsoft, which first discovered the breach and reported it to Mimecast, company investigators found that the threat actors then used the certificate to "connect to a low single-digit number of our mutual customers' M365 tenants from non-Mimecast IP address ranges."
