1 comment

[ 1.6 ms ] story [ 15.7 ms ] thread
This is MimeCast, one of the larger European corporate email filtering and security systems, saying:

> "Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes."

> "Although we are not aware that any of the encrypted credentials have been decrypted or misused, we are advising customers hosted in the United States and United Kingdom to take precautionary steps to reset their credentials."

and

> "Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor."

Two weeks ago ( https://news.ycombinator.com/item?id=25751928 ) the linked write-up in Ars Technica wrote "It’s way too early to say that the Mimecast event is connected to the SolarWinds hack campaign, but there’s no denying that some of the circumstances match.", now it is confirmed.

(Unhelpful title, but HN rules say to use it verbatim)