Email security firm Mimecast has had its digital certificate compromised, giving threat actors access to private customer communications.
In an official statement, Mimecast announced that the digital certificate used to protect connections between its products and Microsoft’s cloud services was compromised. Microsoft informed the company of the incident.
“Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted. We have already contacted these customers to remediate the issue,” Mimecast said in its statement.
By compromising a certificate used to encrypt data, threat actors are able to decrypt, read and even modify the data.
This type of cyberattack is exceedingly difficult to execute since it requires access to private encryption keys stored on highly secure internal servers. Without considerable hacking skill, such a breach is only possible through insider access.
Impacted Mimecast customers are advised to delete their current Microsoft 365 connection and to reconnect with a replacement certificate.
The small subset of impacted customers is a reason for concern. If threat actors were sophisticated enough to access highly guarded encryption keys, why was the impact so prosaic?
The chilling possibility is that this was a highly targeted attack intercepting the communications of specific Mimecast customers. That would be an echo of, and a possible connection to, the surgical hacking methods of the SolarWinds breach.