Mimecast certificate compromised by a threat actor
A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor.
In a notice, Mimecast said approximately 10% of customers use this connection, and "there are indications that a low single digit number of our customers’ M365 tenants were targeted."