Mimecast dumps SolarWinds after hackers breached its network

The email security firm has confirmed that SolarWinds hackers gained access to a "limited number of our source code repositories"

Email security provider Mimecast has admitted that SolarWinds hackers managed to breach its networks and access source code repositories. 

In a statement, the company said that investigations have confirmed that hackers used the SolarWinds supply chain compromise to gain access to part of its production grid environment.

“Using this entry point, the threat actor accessed certain Mimecast-issued certificates and related customer server connection information,” the firm said.

Hackers also managed to access a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials. 

“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” the company added.

Mimecast joins Microsoft in having source code accessed by SolarWinds hackers. Last month, Microsoft admitted that hackers had downloaded some source code for its Azure, Exchange, and Intune cloud-based tools.

Mimecast added that it had no evidence that the threat actor accessed email or archive content held by the company on behalf of its customers.  

The company was notified by Microsoft in January that a certificate it provided to customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised by a threat actor Microsoft was actively investigating.

These hackers used the certificate to “connect to a low single-digit number of our mutual customers’ Microsoft 365 tenants from non-Mimecast IP address ranges.”

Related Resource

Modern networking for the borderless enterprise

Five ways top organisations are optimising networking at the edge

Modern networking for the borderless enterprise - whitepaper from InfobloxDownload now

Mimecast said that while evidence showed that this certificate was used to target only a small number of customers, it “quickly formulated a plan to mitigate potential risk for all customers who used the certificate”.

“We made a new certificate connection available and advised these customers and relevant supporting partners, via email, in-app notifications, and outbound calls, to take the precautionary step of switching to the new connection,” the firm said.

Since the incident, Mimecast has reset all affected hashed and salted credentials. It is also in the process of implementing a new OAuth-based authentication and connection mechanism between Mimecast and Microsoft technologies, “which will provide enhanced security to Mimecast Server Connections”.

“We will work with customers to migrate them to this new architecture as soon as it is available,” the company said in a statement. 

Mimecasr has also confirmed that, as a result of the incident, it has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system. This makes it first SolarWinds hack victims to publicly announce they’re ditching the network monitoring platform for a competing product.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
UK gun owners urged to be ‘vigilant’ after Guntrader data breach
data breaches

UK gun owners urged to be ‘vigilant’ after Guntrader data breach

23 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021