A breach at email security provider Mimecast Inc. underscores that Russia-linked hackers appear to have targeted victims along multiple avenues of attack in what is shaping up to be one of the most successful cyber campaigns of U.S. government and corporate systems.
The attack potentially adds thousands of victims to the yearslong intelligence operation and likely aimed at gaining access to email systems, security experts say. Mimecast, in a Tuesday blog post, said the hackers were able to obtain a digital certificate used by the company to access its customers’ Microsoft 365 office productivity services.
The Mimecast hackers used tools and techniques that link them to the hackers who broke into Austin, Texas-based SolarWinds Corp., according to people familiar with the investigation. The link to the SolarWinds hackers was reported earlier by Reuters.
U.S. government officials have blamed Russia for the SolarWinds attack. Moscow has denied involvement.
Most of the companies and government agencies identified as victims to date were compromised via a piece of network management software called Orion that belongs to SolarWinds. But the Mimecast case, in which the vendor’s customers became targets, highlights that not all victims had to be SolarWinds users themselves to be targeted.
