Hackers who gained access to Mimecast's systems via a poisoned SolarWind's software update late last year appear to have caused more damage than originally thought.
The email security vendor's continuing investigation of the breach has revealed that the attackers accessed and downloaded at least some of its source code repositories and also email addresses, contact information and hashed, salted credentials belonging to some customers.
In an update this week — at least the third since news of the breach first broke — Mimecast described the source code theft as limited in scope and unlikely to have any negative consequences for customers.
"We believe that the source code downloaded by the threat actor was incomplete and would be insufficient to build and run any aspect of the Mimecast service," the company said.
There is also no evidence that the threat actor used their access to modify Mimecast source code or impact products in any way, the security vendor noted.
Mimecast is one of many organizations around the world that was impacted when a believed nation-state backed threat actor installed malware called SUNBURST on their networks by quietly hiding the malicious code in legitimate software updates from SolarWinds. Some 18,000 SolarWinds customers — such as Mimecast — received and downloaded the poisoned updates. But relatively few of them were subsequently targeted for further exploits.
Mimecast discovered the attack in January when Microsoft notified the company about a compromise involving certificates used to authenticate Mimecast security products to Microsoft 365 Exchange Web Services environments. Along with the certificates, the attackers also accessed related ..
Support the originator by clicking the read the rest link below.
