A sophisticated threat actor compromised a Mimecast certificate used to authenticate several of the company’s products with Microsoft 365 Exchange Web Services, Mimecast said Tuesday.
Lexington, Massachusetts-based email security provider said the certificate used to authenticate its sync and recovery, continuity monitoring, and internal email protection (IEP) products at Microsoft 365 has been compromised. Mimecast said it was recently informed of the compromise by Microsoft.
Mimecast’s stock fell $ 2.40 per share, or 4.67 percent) to $ 49 per share on the Tuesday leading up to trading. This is the lowest value the company’s stock has traded since December 15. Mimecast declined to answer questions about whether the compromise on its certificate was met by the same threat actor who spent months injecting malicious code into SolarWinds Orion’s network monitoring tool.
[Related: SolarWinds Hackers Gain Access To Microsoft’s Source Code]
About 10 percent of Mimecasts …