A threat actor commits a Mimecast certificate
The email management software provider, Mimecast, has reported that one of its issued certificates, intended to authenticate its Mimecast Sync and Recover, Continuity Monitor and IEP (Internal Email Protect) products for connecting to Microsoft 365 Exchange Web Services, has been compromised by a sophisticated threat actor.
It has been confirmed that only 10% of its customers use this type of connection and less than 10 of them have been of interest to the cybercriminal.
As a countermeasure, Mimecast has asked its customers to remove the connection within their M360 tenant and re-establish it with a new certificate.
The incident is currently being investigated by Microsoft and the police.
References:
- 12/01/2021 mimecast.com Important update from mimecast
- 12/01/2021 sec.gov Public statement
- 12/01/2021 bleepingcomputer.com Mimecast discloses Microsoft 365 SSL certificate compromise
- 12/01/2021 zdnet.com Mimecast says hackers abused one of its certificates to access Microsoft accounts
- 12/01/2021 threatpost.com A sophisticated threat actor has hijacked email security connections to spy on targets
- 13/01/2021 blogs.masterhacks.net Hackers roban certificado de Mimecast para conectarse de forma segura con Microsoft 365