Abuse of Mimecast’s certificates against Microsoft 365 users

Mimecast, a company whose products connect to customers’ Microsoft 365 Outlook/Exchange environments using a certificate it issues, has admitted that it was compromised by a sophisticated threat actor.

The threat actor obtained the digital certificate and used it to gain access to, and abuse, customers’ Microsoft 365 accounts.

The affected certificate is used by the following connections:

  • Exchange On-Premises or Microsoft 365 mailboxes,
  • Continuity Monitor (looks for disruptions in email traffic), and
  • Internal Email Protect (IEP) (inspects internally generated emails for malicious links, attachments, or sensitive content).

Terence Jackson, CISO at Thycotic, told Threatpost:

“These products would access customers’ Microsoft 365 Exchange servers in order for them to provide security services (backup, spam and phishing protection). Since these certificates were legit, an adversary would have been able to connect without raising suspicions to eavesdrop and exfiltrate email communications.”

To prevent a recurrence, affected customers are advised to “immediately delete the existing connection on their M365 tenant and re-connect and establish a new certificate”.
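After the connection has been deleted and re-established, an admin will want to confirm that the old certificate credential is actually gone from the tenant. The following PowerShell is an added example and not code from the original post or from Mimecast; it assumes the Microsoft Graph PowerShell SDK is installed, that the integration is registered in the tenant as a service principal holding an X.509 key credential, and that its display name contains a recognisable string. The name filter (“Mimecast”) and the rotation date are placeholders to adjust.

```powershell
# Added example (not from the original post): list certificate credentials on
# Entra ID (Azure AD) service principals and flag any that pre-date the
# certificate rotation, so an incomplete re-connection is easy to spot.
# Assumptions: Microsoft Graph PowerShell SDK installed; reader has the
# Application.Read.All permission; the integration is a service principal
# carrying an AsymmetricX509Cert key credential.
param(
    # Placeholder: substring expected in the integration's display name.
    [string]$NameFilter = 'Mimecast',
    # Placeholder: when the new certificate was established; anything older is suspect.
    [datetime]$RotatedAfter = (Get-Date '2021-01-12')
)

Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

# Walk every service principal and expand its key (certificate) credentials.
$report = foreach ($sp in Get-MgServicePrincipal -All -Property Id, DisplayName, AppId, KeyCredentials) {
    foreach ($kc in $sp.KeyCredentials) {
        # Only certificate credentials are of interest here; skip symmetric keys.
        if ($kc.Type -ne 'AsymmetricX509Cert') { continue }

        # CustomKeyIdentifier normally carries the certificate thumbprint as bytes.
        $thumb = if ($kc.CustomKeyIdentifier -is [byte[]]) {
            ([BitConverter]::ToString($kc.CustomKeyIdentifier)) -replace '-', ''
        } else {
            [string]$kc.CustomKeyIdentifier
        }

        [pscustomobject]@{
            ServicePrincipal = $sp.DisplayName
            AppId            = $sp.AppId
            KeyId            = $kc.KeyId
            Thumbprint       = $thumb
            StartDate        = $kc.StartDateTime
            EndDate          = $kc.EndDateTime
            Expired          = ($kc.EndDateTime -lt (Get-Date))
            PreDatesRotation = ($kc.StartDateTime -lt $RotatedAfter)
        }
    }
}

# Focus on the integration being rotated, but keep the full report for review.
$relevant = $report | Where-Object { $_.ServicePrincipal -like "*$NameFilter*" }

if ($relevant | Where-Object { $_.PreDatesRotation }) {
    Write-Warning "A '$NameFilter' service principal still carries a certificate credential issued before $RotatedAfter; the old connection may not have been removed."
} elseif (-not $relevant) {
    Write-Warning "No service principal matching '$NameFilter' was found; check the display name filter."
} else {
    Write-Host "All '$NameFilter' certificate credentials were issued on or after $RotatedAfter."
}

$relevant | Format-Table ServicePrincipal, KeyId, Thumbprint, StartDate, EndDate, Expired, PreDatesRotation -AutoSize

# Everything else that authenticates to the tenant with a certificate, for a wider review.
$report | Where-Object { $_.ServicePrincipal -notlike "*$NameFilter*" } |
    Sort-Object ServicePrincipal |
    Format-Table ServicePrincipal, Thumbprint, StartDate, EndDate, Expired -AutoSize

Disconnect-MgGraph | Out-Null
```

The warning on a pre-rotation credential is the useful output: a correctly redone connection should leave only credentials whose StartDate is at or after the rotation. The second table is there because a certificate-based integration is rarely the only one in a tenant, and the same review is worth doing for each.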

Reference: Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

Author: Wan Ariff

He brings with him working experience in the Information Security field, specialising in Penetration Testing and Digital Forensics. His passion is IT Security.
