Earlier this week Mimecast disclosed that a certificate used for communication with Microsoft 365 was compromised by a “sophisticated threat actor”.
 
Matsco has been in contact with Mimecast on the issue, in addition to verifying manually that none of our clients utilise the Mimecast services which have been affected.
 
The attack involved a certificate which enabled authentication between Mimecast and Microsoft for the following applications: ‘Mimecast Sync and Recover,’ ‘Continuity Monitor’ and ‘IEP.’ Mimecast will continue investigating, and disclosed that the vulnerability put at risk approximately 10% of their customer base and a small number in “single digits” were compromised.
 
Matsco will continue to monitor the situation for any developments.
 
For more information please see:
 
Important Update from Mimecast | Mimecast Blog
Mimecast says hackers abused one of its certificates to access Microsoft accounts | ZDNet
Mimecast Cert Compromised to Target Inboxes in “Sophisticated” Attack – Infosecurity Magazine (infosecurity-magazine.com)