
Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information


Jessica Haworth

17 March 2021 at 14:25 UTC

Updated: 17 March 2021 at 14:26 UTC

Third-party report finds ‘no proof’ that security firm’s source code was modified

Mimecast confirms hackers behind SolarWinds supply chain attack infiltrated networks, accessed customer information

Email security firm Mimecast has confirmed that a network intrusion earlier this year was carried out by the same “sophisticated” threat group that was behind the SolarWinds supply chain attack.

Mimecast’s networks were compromised in January after malicious actors gained access to its production grid environment.

A report released yesterday (March 16), produced by a third-party forensics team at Mandiant, has determined that the attack was carried out by the same actors who were responsible for the high-profile SolarWinds hack.

Deep dive

In a post-mortem of the attack, attackers believed to be from Russian hacking group APT29 were said to have exploited a backdoor in SolarWinds’ Orion software to gain access to the Mimecast production grid environment.

Following this, the threat actor then “accessed certain Mimecast-issued certificates and related customer server connection information”, the report details.

It reads: “The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials.


“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we discovered no proof of any modifications to our source code nor do we believe there was any impact on our products.”

Mimecast said there is “no proof” that the threat actor accessed email or archive content held on behalf of its customers.

‘Single digit’ victims

Mimecast said it was first notified of the incident by Microsoft, later engaging Mandiant, a division of FireEye, to conduct a third-party investigation.

The report details the various stages of the analysis, as well as the steps taken by Mimecast to secure customer information.


Mimecast said that a “low single digit” number of customers were impacted by the attack, as reported at the time of discovery.

The vendor advised all users to reset any server credentials in use on the Mimecast platform as a precaution.

Supply chain attack

In January, the SolarWinds supply chain attack saw threat actors exploit a backdoor vulnerability in the company’s Orion software, used for IT management and monitoring, to gain access to customers’ networks.

Numerous high-profile organizations such as Microsoft and FireEye were impacted by the incident, as well as numerous US government agencies.

In February, security researchers at Trustwave discovered three new severe vulnerabilities in SolarWinds, with the most critical bug opening the door to remote code execution.

All three vulnerabilities were patched before public disclosure. The supply chain attack discovered in January has also been resolved.
