SolarWinds Orion (Sunburst) - Mimecast

[Cross-posted from the Yet Another Security Blog by Craig Buchanan of Stillwater]

A new Mimecast update says that the hackers behind the SolarWinds attack accessed source code repositories from Mimecast. Mimecast indicates that it believes the threat actors did not alter any source code. Separately, it appears that the threat actors also got source code from Microsoft.

Additionally, the CISA Hunt and Incident Response Program (CHIRP {don't you love government acronyms}) released an executable and a Python script that will let you know if you have been affected. Link below.

https://threatpost.com/mimecast-solarwinds-attackers-stole-source-code/164847/

https://www.scmagazine.com/home/email-security/solarwinds-threat-actor-gains-access-to-mimecasts-production-grid-environment/

https://securityaffairs.co/wordpress/115670/data-breach/solarwinds-hackers-stole-mimecast-code.html?&web_view=true

https://www.zdnet.com/article/solarwinds-linked-hacking-group-silverfish-abuses-enterprise-victims-in-sandbox-malware-tests/

https://www.helpnetsecurity.com/2021/03/19/iocs-solarwinds-attackers/

Additionally, the Biden administration, among others, has begun to mention Cyber Security Ratings as a protective measure against these types of incidents in the future. Many security experts caution that there are both positives and negatives. I will say that I have explored this to a great degree and, full disclosure, have thought about adding this as a service offered by my private security firm. I honestly am not sure you can ever mitigate against an event like this with external review only.

https://www.scmagazine.com/home/government/security-labeling-could-raise-the-bar-on-cyber-hygiene-but-wont-stop-the-next-solarwinds/?web_view=true

 

Government links:

https://us-cert.cisa.gov/ncas/alerts/aa21-077a

 

For more information, or to comment on this topic, visit Yet Another Security Blog.