SolarWinds Attackers Stole Mimecast Source Code In Previous Attack

Mimecast revealed in an update that the SolarWinds hackers who attacked its systems had accessed a “limited” number of source code repositories.

Hackers had stolen some of the security firm’s source code repositories, according to the company’s Tuesday update.

In January, the email security firm initially said attackers had stolen a subset of Mimecast customers’ email addresses, other contact information, and certain hashed and salted credentials. Most recently, however, Mimecast said it has found evidence that a “limited” number of source code repositories were also accessed.

The security vendor says, however, that “the source code downloaded by the threat actor was incomplete and would be insufficient to build and run any aspect of the Mimecast service.” The company added: “We found no evidence that the threat actor made any modifications to our source code nor do we believe that there was any impact on our products.”

Mimecast shared no further details about the breach.

In the January attack, as reported by Microsoft, attackers had compromised a Mimecast-owned certificate that is used to authenticate Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products to Microsoft 365 Exchange Web Services.

Threat actors most likely managed to extract customers’ encrypted credentials hosted in the United States and the United Kingdom by leveraging Mimecast’s compromised Windows environment.

Following the attack, Mimecast issued a new certificate connection and advised affected customers to switch to it. The company also removed and blocked further access by threat actors to its affected production grid environment.

“We have now completed our forensic investigation with Mandiant and have eliminated the threat actor’s access to our environment. We have already taken a number of actions to prevent future access to our environment as described below and we will continue to monitor for threats and take precautionary steps as needed.”

Mimecast gave assurances that it would continue to analyze and monitor its source code.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.