Supply chain
⛓ Supply Chain
Microsoft 365 exchange infrastructure Third-Party Breach (February 2021)
Primary Source ↗Incident Details
Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack. A sophisticated threat actor has hijacked email security connections to spy on targets. A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Third-party company: Mimecast.
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- Mimecast
- Supply Chain Attack
- ✅ Confirmed third-party / vendor compromise
Timeline
- 2021-02-01 Breach occurred
- 2021-01-12 Publicly disclosed