A Mimecast-issued certificate used to authenticate some of the company s products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor, the company has announced. A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said. The attack is reminiscent of the recently discovered SolarWinds hacks, which have been attributed to the same advanced persistent threat actor. Mimecasts has issued a new certificate and is urging users to re-establish their connections with the new authentication.
Source: https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/