Hackers stole Mimecast certificate to attack Microsoft 365 users

Written by Emma Davis

Mimecast, an international cloud-based email management company for Microsoft Exchange and Microsoft Office 365, said hackers had stolen a digital certificate provided to customers to securely connect Microsoft 365 Exchange accounts to Mimecast services.

The hack was discovered only after Microsoft experts notified the company of the incident.

The company did not specify which of the seven types of certificate, which vary by geographic location, was compromised.

“Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted. We have already contacted these customers to remediate the issue,” reported Mimecast representatives.

The certificate is used to validate and authenticate the Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products for Microsoft 365 Exchange Web Services. Such a compromise can lead to a man-in-the-middle (MitM) attack, in which an attacker can potentially take control of the connection and mail traffic or even steal confidential information.

As a precaution against potential abuse, users are advised to immediately delete the existing connection in their Microsoft 365 tenant and re-establish a new connection using the newly provided certificate.

An investigation of the incident is ongoing, and the company notes that it will work closely with Microsoft and law enforcement agencies as needed. In addition, according to sources of the Reuters news agency, the attackers who compromised Mimecast are the same group that breached the systems of the American software manufacturer SolarWinds and a number of US government departments.

“As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available. Taking this action does not impact inbound or outbound mail flow or associated security scanning,” Mimecast representatives highly recommend.

Let me remind you that Microsoft fixed a dangerous error in the RDP code.
