Mimecast dumps SolarWinds after hackers breached its network

The email security firm has confirmed that SolarWinds hackers gained access to a "limited number of our source code repositories"

Email security provider Mimecast has admitted that SolarWinds hackers managed to breach its networks and access source code repositories. 

In a statement, the company said that investigations have confirmed that hackers used the SolarWinds supply chain compromise to gain access to part of its production grid environment.

“Using this entry point, the threat actor accessed certain Mimecast-issued certificates and related customer server connection information,” the firm said.

Hackers also managed to access a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials. 

“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” the company added.

Mimecast joins Microsoft in having source code accessed by SolarWinds hackers. Last month, Microsoft admitted that hackers had downloaded some source code for its Azure, Exchange, and Intune cloud-based tools.

Mimecast added that it had no evidence that the threat actor accessed email or archive content held by the company on behalf of its customers.  

The company was notified by Microsoft in January that a certificate it provided to customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised by a threat actor Microsoft was actively investigating.

These hackers used the certificate to “connect to a low single-digit number of our mutual customers’ Microsoft 365 tenants from non-Mimecast IP address ranges.”

Related Resource

Modern networking for the borderless enterprise

Five ways top organisations are optimising networking at the edge

Modern networking for the borderless enterprise - whitepaper from InfobloxDownload now

Mimecast said that while evidence showed that this certificate was used to target only a small number of customers, it “quickly formulated a plan to mitigate potential risk for all customers who used the certificate”.

“We made a new certificate connection available and advised these customers and relevant supporting partners, via email, in-app notifications, and outbound calls, to take the precautionary step of switching to the new connection,” the firm said.

Since the incident, Mimecast has reset all affected hashed and salted credentials. It is also in the process of implementing a new OAuth-based authentication and connection mechanism between Mimecast and Microsoft technologies, “which will provide enhanced security to Mimecast Server Connections”.

“We will work with customers to migrate them to this new architecture as soon as it is available,” the company said in a statement. 

Mimecasr has also confirmed that, as a result of the incident, it has decommissioned its SolarWinds Orion software and replaced it with a Cisco NetFlow monitoring system. This makes it first SolarWinds hack victims to publicly announce they’re ditching the network monitoring platform for a competing product.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021