Mimecast certificate compromised by 'sophisticated' threat actor

Attack targeted Microsoft 365 Exchange Web Services through Mimecast-issued certificate

Mimecast has warned that some of its customers may be exposed after one of its certificates was compromised by a "sophisticated" threat actor.

The email security vendor was informed by Microsoft that a threat actor had targeted a Mimecast-issued certificate which authenticates a variety of Mimecast products to Microsoft 365 Exchange Web Services.

Mimecast warns that around 10 per cent of its customers use this certificate, but only a "low single digit" number of those were targeted by the attack.

The vendor claims it has already contacted the customers exposed to remediate the issue.

A subset of Mimecast customers using this certificate have been asked to immediately delete the existing connection with their Microsoft 365 tenant and re-establish the connection using a new certificate made available by Mimecast.

Mimecast claims it is working with a third-party forensics expert to assist in its investigation, and will work closely with Microsoft and law enforcement where appropriate.