SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns

Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.

Dark Reading Staff, Dark Reading

January 14, 2021

2 Min Read
Dark Reading logo in a gray background | Dark Reading

The discovery of a data breach at email service provider Mimecast could indicate attackers behind the massive SolarWinds incident may have pursued multiple paths to infiltrate target organizations, a new report states. 

Earlier this week, Mimecast confirmed an attacker had compromised a certificate provided to certain customers to authenticate Mimecast products to Microsoft 365 Exchange Web Services. The tools and techniques used in this attack link these operators to those who recently targeted SolarWinds, The Wall Street Journal reports.

The SolarWinds attack affected some 18,000 public and private organizations that downloaded infected versions of legitimate updates to its Orion network management software. However, the attack on Mimecast shows not all victims had to be SolarWinds customers to be targeted.

Mimecast was a SolarWinds customer in the past but no longer uses the Orion software, a person familiar with the matter told WSJ. The company has not determined how attackers got in or whether its earlier use of SolarWinds could have left it vulnerable. 

As security experts note, Mimecast digital certificates could enable attackers to read data stored on Microsoft Exchange servers. Mimecast says the incident affected about 10% of its customers. It's asking those who use this certificate-based connection to delete the existing connection in their Microsoft 365 tenant and establish a new certificate-based connection with a new certificate it has made available. 

Read the full report for more details.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights