Hackers abusing Mimecast certs to target Microsoft 365 users

Leading email security solutions vendor Mimecast has revealed that a sophisticated threat actor recently compromised one of its certificates to target a number of its customers who used the compromised certificate to connect to Microsoft 365 Exchange Web Services.

In a blog post published on Tuesday, Mimecast said that the affected certificate was issued to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products to Microsoft 365 Exchange Web Services.

The cyber security services vendor added that while 10 percent of its customers use the certificate to connect to Microsoft 365 Exchange Web Services, only a “low single digit number” of its customers’ M365 tenants were targeted.

“As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available. Taking this action does not impact inbound or outbound mail flow or associated security scanning,” Mimecast said.

“The security of our customers is always our top priority. We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate,” it added.

In a statement given to CRN, Microsoft confirmed the abuse of the Mimecast-issued certificate by a sophisticated actor and said that the exploit did not affect Microsoft 365 users who do not use Mimecast’s products.

“We can confirm that a certificate provided by Mimecast was compromised by a sophisticated actor. This certificate enables their customers to connect certain Mimecast applications to their M365 tenant. At Mimecast’s request, we are blocking this certificate on Monday, January 18, 2021,” the company said.

Copyright Lyonsdown Limited 2021
