A sophisticated threat actor has compromised a certificate used to authenticate Mimecast products to Microsoft 365 Exchange Web Services, according to a prepared statement. The compromise impacts Mimecast Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) users who leverage a certificate-based connection to Microsoft 365.
Approximately 10 percent of Mimecast customers may be affected by the compromise, the company said. However, Mimecast indicated that a low single-digit number of these customers’ Microsoft 365 tenants may have been targeted.
Mimecast is asking affected customers to delete their existing connection within their Microsoft 365 tenant and establish a new certificate-based connection using the new certificate that the company has released. This action will have no impact on inbound or outbound email flow or security scanning.
In addition, Mimecast has notified affected customers to remediate the issue. Mimecast also is working with a third-party forensics expert to investigate the compromise and will work with Microsoft and law enforcement as needed.