Home / Early Warning / Cybersecurity Highlights / A threat actor commits a Mimecast certificate

A threat actor commits a Mimecast certificate

01/12/2021

The email management software provider, Mimecast, has reported that one of its issued certificates, intended to authenticate its Mimecast Sync and Recover, Continuity Monitor and IEP (Internal Email Protect) products for connecting to Microsoft 365 Exchange Web Services, has been compromised by a sophisticated threat actor.

It has been confirmed that only 10% of its customers use this type of connection and less than 10 of them have been of interest to the cybercriminal.

As a countermeasure, Mimecast has asked its customers to remove the connection within their M360 tenant and re-establish it with a new certificate.

The incident is currently being investigated by Microsoft and the police.