Authentication Certificate Compromised

Threat Alert

Authentication Certificate Compromised

On January 12, 2021 Mimecast issued a statement on their blog indicating that sophisticated malicious actors had compromised an authentication certificate between a set of their services and Microsoft 365 web services.  The impact and corresponding precautions are also detailed on the blog.

According to CRN, Microsoft confirmed that a certificate provided by Mimecast was compromised by a sophisticated actor. Microsoft 365 customers not using Mimecast are unaffected. At Mimecast's request, Microsoft indicated that they will block this certificate on Monday, January 18, 2021.

As reported in the WSJ the Mimecast hackers used tools and techniques that link them to the hackers who broke into Austin, Texas-based SolarWinds Corp., according to people familiar with the investigation. The link to the SolarWinds hackers was reported earlier by Reuters. 

Customers of Zix | AppRiver are not directly affected by this certificate compromise.  For our recommendations on how organizations can protect themselves, please reference our recent Security Recommendations blog.