The company went on to say that there is no evidence that the hackers accessed email or archive content Mimecast holds on behalf of its customers. The hackers also accessed email addresses, contact information, and “encrypted and/or hashed and salted credentials.” A limited number of source code repositories were also downloaded, but Mimecast said there’s no evidence of modifications or impact on company products. Working with Microsoft, which first discovered the breach and reported it to Mimecast, company investigators found that the threat actors then used the certificate to “connect to a low single-digit number of our mutual customers’ M365 tenants from non-Mimecast IP address ranges.” They then accessed a Mimecast-issued certificate that some customers use to authenticate various Microsoft 365 Exchange web services. Exploiting the Sunburst malware sneaked into the update, the attackers first gained access to part of the Mimecast production-grid environment.
#Solarwinds data breach update#
The hackers, which US intelligence agencies have said likely have Russian origins, used a backdoored update for SolarWinds Orion software to target a small number of Mimecast customers.
Further Reading Hackers steal Mimecast certificate used to encrypt customers’ M365 trafficEmail-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack.
0 kommentar(er)
