
Fidelis, Mimecast, Palo Alto Networks, Qualys also impacted by SolarWinds hack

Security vendors Fidelis, Mimecast, Palo Alto Networks, and Qualys revealed that they were also impacted by the SolarWinds supply chain attack.

The SolarWinds supply chain attack is worse than initially thought: other security providers have confirmed that they were also impacted. Mimecast, Palo Alto Networks, Qualys, and Fidelis confirmed that they had installed tainted updates of the SolarWinds Orion app.

Mimecast was the first of the above security providers to disclose a major security breach. It revealed that threat actors compromised its internal network and leveraged digital certificates used by one of its products to access the Microsoft 365 accounts of some of its customers.

“Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor.” reads the announcement published by Mimecast.

“Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted.”

Today, Mimecast published a new update to confirm that the incident was linked to the SolarWinds supply chain attack that resulted in the installation of tainted SolarWinds updates on its systems.

“Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor.” reads the update.

“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom.”

Researchers at the security firm NETRESEC revealed this week that security provider Qualys was also a victim of the SolarWinds attack.

Qualys confirmed to the media that a malicious version of the Orion software infected its systems.

Below is the list of other impacted organizations shared by the researchers:

  • central.pima.gov (confirmed)
  • cisco.com (confirmed)
  • corp.qualys.com (confirmed)
  • coxnet.cox.com (confirmed)
  • ddsn.gov
  • fc.gov
  • fox.local
  • ggsg-us.cisco.com (confirmed)
  • HQ.FIDELIS (confirmed)
  • jpso.gov
  • lagnr.chevrontexaco.net
  • logitech.local
  • los.local
  • mgt.srb.europa* (confirmed)
  • ng.ds.army.mil
  • nsanet.local
  • paloaltonetworks* (confirmed)
  • phpds.org
  • scc.state.va.us (confirmed)
  • suk.sas.com
  • vgn.viasatgsd.com
  • wctc.msft
  • WincoreWindows.local

The above list includes Fidelis Cybersecurity and Palo Alto Networks. The former confirmed the attack but pointed out that the attackers were not able to deploy the second-stage payload.

A Palo Alto Networks representative told Forbes that the company detected two SolarWinds-linked incidents, which took place in September and October 2020.

“Palo Alto said its own tools detected the malware by looking at its anomalous behavior, and so it was blocked.” reported Forbes. “Our Security Operation Center then immediately isolated the server, initiated an investigation and verified our infrastructure was secure. Additionally, at this time, our SOC notified SolarWinds of the activity observed. The investigation by our SOC concluded that the attempted attack was unsuccessful and no data was compromised,” the company said.

Other security firms that were impacted in the SolarWinds supply chain attack are FireEye, Microsoft, CrowdStrike (attackers were not able to breach the security firm), and Malwarebytes (company hacked by SolarWinds attackers in a separate incident).


Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)
