Attackers behind the SolarWinds hacking campaign successfully stole Mimecast source code as part of their sweeping espionage operation.

The hackers, which U.S. government officials suggested are “likely” Russian actors, accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products

Mimecast added that it has replaced all compromised servers and that it has no reason to believe the hackers accessed email or archive content of customers.

Mimecast had previously disclosed that the hackers compromised a security certificate the company used to secure connections. The latest revelation, which comes more than two months after its disclosure the certificate was compromised, now underscores just how long it may take to get a full picture of the hackers’ espionage operation.

The White House has warned in recent weeks that triaging the damage from the SolarWinds hackers, who laced malicious code in a SolarWinds software update, could take months.

As the Biden administration works to respond to SolarWinds and the exploitation of newly disclosed Microsoft Exchange Server vulnerabilities, the federal government is weighing whether it should roll out cybersecurity ratings for software in order to promote secure software practices.