A Mimecast-issued certificate used to authenticate some of the company s products to Microsoft 365 Exchange Web Services had been compromised by a sophisticated threat actor A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said.
Source: https://threatpost.com/mimecast-solarwinds-hack-security-vendor-victims/163431/