Security agency Mimecast has recently disclosed that the threat actors behind the SolarWinds hacking attack, who illegally accessed its private networks, also downloaded source code from its repositories.
Mimecast has provided a report covering the details of its investigation, which states that a threat actor gained unauthorized access to a cluster of email addresses and other contact data stored in some of its repositories. The threat actors had seemingly salted and hashed the credentials that they had gained access to.
This was reportedly seen as a common trait among the victims of the SolarWinds hacking attack, with the alleged state-sponsored actors frequently stealing repository assets.
However, Mimecast maintains that whatever source code was downloaded was fragmentary and would not be sufficient to build or operate any component of Mimecast services.
Currently, there are no signs indicating that threat actors have tampered with the build processes associated with the binaries distributed to its customers.
SolarWinds impact on Mimecast:
Back in January, Mimecast had reported a cyberattack that had compromised a digital certificate that is supplied to its clients to connect their products to Microsoft 365 Exchange in a secure manner.
Subsequently, Mimecast linked the cyberattack to the SolarWinds hacking incident, which had wreaked havoc through its mass-scale hacking campaign across thousands of U.S. organizations.
Mimecast was specifically impacted in the cyberattack as a consequence of threat actors poaching some of the company’s encrypted service account credentials for customers around the UK and the US, as was reported.
Detailing the hacking incident, Mimecast says it detected lateral movement from the initial access point to its production grid, which contained a few Windows servers, in a fashion similar to the traced pattern of the attack.
The intrusion had seemingly originated from the Sunburst backdoor, delivered through a trojanized SolarWinds Orion software update.
Mimecast mitigating risks:
Mimecast has yet to disclose the exact number of customers compromised in the SolarWinds hacking incident but said in January that “a low single-digit number of our customers’ M365 tenants were targeted.”
As for security measures, the security organization has noted that it has replaced the compromised Windows servers and upgraded the encryption algorithm for all stored credentials and certificates.
The security organization has also moved its IT administration off the SolarWinds Orion software, replacing it with a NetFlow monitoring system to mitigate any future risks.