Quote:Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company.
The email security firm initially reported that a certificate compromise in January was part of the sprawling SolarWinds supply-chain attack that also hit Microsoft, FireEye and several U.S. government agencies.
Attackers were found initially to have stolen a subset of Mimecast customers’ email addresses and other contact information, as well as certain hashed and salted credentials. However, in the most recent part of its investigation into the SolarWinds hack, Mimecast said it has found evidence that a “limited” number of source code repositories were also accessed.
However, the security vendor sought to downplay the impact of this access: “We believe that the source code downloaded by the threat actor was incomplete and would be insufficient to build and run any aspect of the Mimecast service,” it said in a Tuesday update. “We found no evidence that the threat actor made any modifications to our source code nor do we believe that there was any impact on our products.”
Read more: Mimecast: SolarWinds Attackers Stole Source Code | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
