Last updated on February 28, 2021
Mimecast has recently confirmed that the threat actor behind the SolarWinds supply-chain attack is also responsible for the security breach the company suffered earlier this month.
After an internal investigation, Mimecast reported:
“Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor.
“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.”
Mimecast stated that, at this time, there is no evidence that any of the encrypted credentials that may have been accessed were decrypted or misused. Even so, the company advises its US and UK customers to reset their credentials.