[Security Weekly] Mimecast Source Code Stolen by Hackers Exploiting SolarWinds Sunburst Backdoor
3rd Week of March 2021
1. Mimecast source code stolen by hackers exploiting SolarWinds Sunburst backdoor
Mimecast, a UK-based cybersecurity firm specializing in cloud-based email management, disclosed on March 16 that a limited amount of its source code was stolen by hackers. The hackers gained access to Mimecast’s grid environment by exploiting Sunburst, SolarWinds Orion’s software update vulnerability.
Mimecast revealed that the attackers exfiltrated a number of source code repositories back in January. Yet, the company suggested that the stolen source code was limited and hence was not sufficient to run any Mimecast programs. As of now, there has been no evidence suggesting that the leak impacted any existing products.
The attackers also compromised a number of certificates issued by Mimecast, which were actively used by 10% of Mimecast’s customers. The certificates were exploited to target a very small number of Microsoft 365 tenants.
Other compromised data included email addresses and contact details. The attackers have not yet been identified.
2. Espionage campaign “Operation Dianxun” steals 5G technology from telecom giants
McAfee’s Advanced Threat Research (ATR) Strategic Alliance team discovered an ongoing global cyber espionage campaign that has so far targeted at least 23 telecom companies across the US, Europe, and Southeast Asia. Dubbed “Operation Dianxun” — the romanized Chinese word for “telecom” — the campaign was traced to a hacking group based in China.
The attackers gained access to these companies by somehow directing employees to a fake website that looked exactly like Huawei’s career site. The fake site, controlled by the attackers, was used to deploy the infamous Cobalt Strike backdoor, which allowed the attackers to silently gain visibility into the victim’s computer. The attackers had no connections to Huawei.
Researchers believe that the attackers’ goal is to steal 5G-related technology and that the campaign is currently active. Having begun in August 2020, the campaign has so far lasted for over half a year.
3. Fastway Courier exposes personal data of 450,000 customers in cyberattack
Fastway, a New Zealand-based courier company with a presence in Australia, South Africa, and the island of Ireland, disclosed on March 11 that it had suffered a cyberattack that compromised the personal data of 450,000 customers.
Fastway was informed of the cyberattack by an outsourced IT developer on February 25, which said that unidentified attackers gained access to Fastway’s database. The delivery information of nearly 450,000 parcel recipients spanning over 30 days was compromised, leaking personal details including names, home addresses, phone numbers, and email addresses.
Fastway filed the incident with local authorities and said that the intrusion was mitigated soon after it was discovered.