Mimecast, a popular email security and archival platform, posted on its blog Tuesday that a certificate it uses to encrypt traffic between itself and Microsoft was hijacked. Details are sketchy at this point, but the company estimates that approximately ten percent of its more than 36,000 customers use the compromised connection.
The suggested action is to delete the connection that uses the compromised certificate if it is present in your organization. According to Mimecast's post, the company has already contacted the customers who are at risk. You can read the full post, "Important Update from Mimecast", on the Mimecast Blog.
Of course, speculation is running wild, with this sophisticated attack coming on the heels of the SolarWinds debacle. Rumors are already suggesting this event was perpetrated by the same group of Russian hackers that infiltrated the monitoring company’s customer base. Techbloggingfool.com could find no substantial evidence or official channel to back this hypothesis at this time.