Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information

Email security firm Mimecast has confirmed that a network intrusion earlier this year was conducted by the same “sophisticated” threat group that was behind the SolarWinds supply chain attack.

Mimecast’s networks were compromised in January after malicious actors gained access to its production grid environment.

A report released yesterday (March 16), produced by a third-party forensics team at Mandiant, has determined that the attack was conducted by the same actors who were responsible for the high-profile SolarWinds hack.

Deep dive

In a post-mortem of the attack, assailants believed to be from Russian hacking group APT29 were said to have exploited a backdoor in SolarWinds’ Orion software to gain access to the Mimecast production grid environment.

Following this, the threat actor “accessed certain Mimecast-issued certificates and related customer server connection information”, the report details.

It reads: “The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials.

“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products.”

Mimecast said there is “no evidence” that the threat actor accessed email or archive content held on behalf of its customers.

‘Single digit’ victims

Mimecast said it was first notified of the incident by Microsoft, later employing Mandiant, a division of FireEye, to conduct a third-party investigation.

The report details the various phases of the analysis, as well as the steps taken by Mimecast to secure user data.

Mimecast said that a “low single digit” number of customers were impacted by the attack, as reported at the time of discovery.

The vendor advised all users to reset any server credentials in use on the Mimecast platform as a precaution.

Supply chain attack

In January, the SolarWinds supply chain attack saw threat actors exploit a backdoor vulnerability in the company’s Orion software, used for IT management and monitoring, to gain access to customers’ networks.

A number of high-profile organizations such as Microsoft and FireEye were impacted by the incident, as well as numerous US government agencies.

In February, security researchers at Trustwave discovered three new severe vulnerabilities in SolarWinds, with the most critical bug opening the door to remote code execution.

All three vulnerabilities were patched before public disclosure. The supply chain attack discovered in January has also been resolved.

Source: https://portswigger.net/daily-swig/mimecast-confirms-hackers-behind-solarwinds-supply-chain-attack-accessed-limited-amount-of-customer-information

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO