Mimecast Certificate meant for secure connection to Microsoft 365 stolen by Hackers.

Mimecast said on Tuesday that “a sophisticated threat actor” had compromised a digital certificate is provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange.

The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it’s reached out to the impacted organizations to remediate the issue.

The company didn’t elaborate on what type of certificate was compromised, but Mimecast offers seven different digital certificates based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast.

“Approximately 10 per cent of our customers use this connection,” the company said. “Of those that do, there are indications that a low single-digit number of our customers’ M365 tenants were targeted.”

The compromised certificate is used to verify and authenticate Mimecast Sync and RecoverContinuity Monitor, and Internal Email Protect (IEP) products to M365 Exchange Web Services.

A consequence of such a breach could result in a man-in-the-middle (MitM) attack, where an adversary could potentially take over the connection and intercept email traffic, and even steal sensitive information.

As a precaution to prevent future abuse, the company said it’s asked its customers to delete the existing connection within their M365 tenant with immediate effect and re-establish a new certificate-based connection using the new certificate that it has made available

Leave a Reply

Your email address will not be published.

Scroll to Top