Mimecast said on Tuesday that “a sophisticated threat actor” had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The London-based company said it’s reached out to the impacted organizations to remediate the issue. Reuters, citing sources, said the hackers who compromised the certificate were the same group that breached U.S. software maker SolarWinds and a host of sensitive government agencies. The company has asked its customers to delete the existing connection within their M365 tenant with immediate effect and re-establish a new certificate-based connection.
Source: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html