The hack was discovered only after Microsoft experts notified the company of the incident.
Mimecast, an international cloud-based email management company for Microsoft Exchange and Microsoft Office 365, reported that cybercriminals have compromised a digital certificate provided to customers to securely connect Microsoft 365 Exchange accounts to Mimecast services.
The hack was discovered only after Microsoft experts notified the company of the incident. The company did not clarify which of the seven types of certificate was compromised based on geographic location.
The certificate is used to validate and authenticate the Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products for Microsoft 365 Exchange Web Services. The consequence of such a compromise can lead to a MitM attack, during which an attacker can potentially take control of the connection and mail traffic or even steal confidential information.
As a precaution to prevent potential abuse, users are advised to immediately delete the existing connection in their Microsoft 365 tenant and re-establish a new connection using the new provided certificate.
An investigation into the incident is ongoing, and the company notes that it will work closely with Microsoft and law enforcement agencies if necessary.
In addition, according to sources from the Reuters news agency, the hackers who hacked Mimecast are the same group that hacked the systems of the American software manufacturer SolarWinds and a number of US government departments.