- A growing number of cybersecurity vendors, such as CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys, are confirming that they were targeted in the espionage attack.
- The SolarWinds espionage attack, which has affected several U.S. government agencies and many others, began with a poisoned software update that delivered the Sunburst backdoor to around 18,000 organizations last spring. After that broad-brush attack, the threat actors (believed to have links to Russia) selected specific targets to further infiltrate, which they did over the course of several months. The compromises were first discovered in December.
- The hack was brought to Mimecast’s attention by Microsoft (itself a SolarWinds victim), which has disabled the certificate’s use for Microsoft 365.
- Mimecast has also issued a new certificate and is urging users to re-establish their connections with the fresh authentication.
- Mimecast joins FireEye in admitting actual damage from the attack.
- Other firms fall into the Malwarebytes camp: they confirm having been targeted, but report that no damage was done.
– Tara Seals | January 28, 2021