SolarWinds hackers stole Mimecast source code

The full scope of the breach could take months to understand.

Attackers behind the SolarWinds hacking campaign successfully stole Mimecast source code as part of their sweeping espionage operation, the email security firm said in an incident report published Tuesday.

The hackers, who U.S. government officials suggested are “likely” Russian actors, “accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” Mimecast said in the incident report.

Mimecast added that it has replaced all compromised servers and that it has no reason to believe the hackers accessed email or archive content of customers.

Mimecast had previously disclosed that the hackers compromised a security certificate the company used to secure connections. The latest revelation, which comes more than two months after its disclosure that the certificate was compromised, underscores just how long it may take to get a full picture of the hackers’ espionage operation.


Already, the hackers are known to have viewed Microsoft’s source code and stolen security tools FireEye used to test clients’ defenses.

The White House has warned in recent weeks that triaging the damage from the SolarWinds hackers, who laced a SolarWinds software update with malicious code, could take months.

“Many of the private sector compromises are technology companies including networks of companies whose products can be used to launch other intrusions,” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said during a White House press briefing in February.

As the Biden administration works to respond to SolarWinds and the exploitation of newly disclosed Microsoft Exchange Server vulnerabilities, the federal government is weighing whether it should roll out cybersecurity ratings for software in order to promote secure software practices, one senior administration official told reporters earlier this month.


Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.
