
Fidelis, Mimecast, Palo Alto Networks, Qualys also impacted by SolarWinds hack

Security vendors Fidelis, Mimecast, Palo Alto Networks, and Qualys revealed that they were also impacted by the SolarWinds supply chain attack.

The SolarWinds supply chain attack is worse than initially thought: other security providers have confirmed that they were also impacted. Mimecast, Palo Alto Networks, Qualys, and Fidelis confirmed that they had installed tainted updates of the SolarWinds Orion app.

Mimecast was the first of these security providers to disclose a major security breach. It revealed that threat actors compromised its internal network and leveraged a digital certificate used by one of its products to access the Microsoft 365 accounts of some of its customers.

“Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor.” reads the announcement published by Mimecast.

“Approximately 10 percent of our customers use this connection. Of those that do, there are indications that a low single digit number of our customers’ M365 tenants were targeted.”

Today, Mimecast published a new update to confirm that the incident was linked to the SolarWinds supply chain attack that resulted in the installation of tainted SolarWinds updates on its systems.

“Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor.” reads the update.

“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom.”

Researchers at security firm NETRESEC revealed this week that security provider Qualys was also a victim of the SolarWinds attack.

Qualys confirmed to the media that a malicious version of the Orion software infected its systems.

Below is the list of other impacted organizations shared by the NETRESEC researchers:

  • central.pima.gov (confirmed)
  • cisco.com (confirmed)
  • corp.qualys.com (confirmed)
  • coxnet.cox.com (confirmed)
  • ddsn.gov
  • fc.gov
  • fox.local
  • ggsg-us.cisco.com (confirmed)
  • HQ.FIDELIS (confirmed)
  • jpso.gov
  • lagnr.chevrontexaco.net
  • logitech.local
  • los.local
  • mgt.srb.europa* (confirmed)
  • ng.ds.army.mil
  • nsanet.local
  • paloaltonetworks* (confirmed)
  • phpds.org
  • scc.state.va.us (confirmed)
  • suk.sas.com
  • vgn.viasatgsd.com
  • wctc.msft
  • WincoreWindows.local

The above list includes Fidelis Cybersecurity and Palo Alto Networks. The former confirmed the attack but pointed out that the attackers were not able to deploy the second-stage payload.

A Palo Alto Networks representative told Forbes that the company detected two SolarWinds-linked incidents that took place in September and October 2020.

“Palo Alto said its own tools detected the malware by looking at its anomalous behavior, and so it was blocked.” reported Forbes. “Our Security Operation Center then immediately isolated the server, initiated an investigation and verified our infrastructure was secure. Additionally, at this time, our SOC notified SolarWinds of the activity observed. The investigation by our SOC concluded that the attempted attack was unsuccessful and no data was compromised,” the company said.

Other security firms that were impacted in the SolarWinds supply chain attack are FireEye, Microsoft, CrowdStrike (attackers were not able to breach the security firm), and Malwarebytes (company hacked by SolarWinds attackers in a separate incident).


Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
