Microsoft is still dealing with the aftermath of a cyber attack by China-backed hackers who stole a signing key and used it to quietly read email in a number of inboxes, including those of several U.S. federal agencies. The company has said little about how the attackers obtained the key, which let them forge authentication tokens and access mailboxes they were never authorized to see.
Microsoft Attribution to Storm-0558 and Alleged Targets
In a blog post last Friday, Microsoft published its analysis of the attack, attributing it to an espionage group it tracks as Storm-0558, which the company assesses to be based in China. The activity ran for about a month, starting in mid-May, and touched a small number of government accounts, reportedly in the single digits. Reported targets include U.S. Commerce Secretary Gina Raimondo and U.S. State Department officials, along with other organizations that have not been named.
Targeting Microsoft Cloud and Acquiring MSA Key
Earlier China-linked campaigns exploited zero-day vulnerabilities in on-premises Microsoft Exchange email servers. This group instead went after Microsoft’s cloud infrastructure directly. The hackers obtained one of Microsoft’s consumer (MSA) signing keys, which Microsoft initially believed to be an enterprise signing key, and used it to forge authentication tokens. An MSA key is only supposed to sign tokens for consumer Microsoft accounts, but a “validation error in Microsoft code” meant tokens signed with it were also accepted as valid enterprise (Azure AD) tokens, which is what gave the attackers access to enterprise inboxes.
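The bug class described above, a key that is valid for one token issuer being accepted for another, can be shown with a small model. The following is an added example written for this page, not Microsoft’s code, and it does not reproduce the actual Microsoft defect. It models the consumer and enterprise key sets with HMAC keys for brevity (real systems use asymmetric keys, but the validation mistake is identical), and the issuer URLs, key IDs and claims are all constructed. The naive validator looks up the `kid` in a merged key set and trusts the signature; the scoped validator additionally requires that the key was provisioned for the issuer the relying party expects.

```python
"""Key-scope confusion in token validation: an added illustration, not
Microsoft's code. Two key sets (consumer and enterprise) are modelled with
HMAC secrets; the validation flaw shown is that a signature made with a
consumer key is accepted for an enterprise issuer."""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed issuers and key material (hypothetical, generated per run).
CONSUMER_ISS = "https://consumer.example/login"
ENTERPRISE_ISS = "https://enterprise.example/contoso"
KEYS = {
    "msa-key-1": {"issuer": CONSUMER_ISS, "secret": secrets.token_bytes(32)},
    "aad-key-1": {"issuer": ENTERPRISE_ISS, "secret": secrets.token_bytes(32)},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign(kid: str, claims: dict) -> str:
    """Mint a compact JWS (HS256) with the named key. Note that nothing here
    stops the caller from putting any issuer it likes into the claims."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _parse(token: str):
    h, p, s = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)), h + "." + p, _b64url_decode(s)


def _signature_ok(kid: str, signing_input: str, sig: bytes) -> bool:
    key = KEYS.get(kid)
    if key is None:
        return False
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def validate_naive(token: str, expected_iss: str):
    """Vulnerable pattern: any key in the merged key set is trusted as long as
    the signature verifies and the claims name the expected issuer. Returns
    the claims on success, None on rejection."""
    header, claims, signing_input, sig = _parse(token)
    if header.get("alg") != "HS256":
        return None
    if not _signature_ok(header.get("kid"), signing_input, sig):
        return None
    if claims.get("iss") != expected_iss:
        return None
    return claims


def validate_scoped(token: str, expected_iss: str):
    """Hardened pattern: a key is only trusted for the issuer it was provisioned
    for, checked before the signature is even examined."""
    header, claims, signing_input, sig = _parse(token)
    if header.get("alg") != "HS256":
        return None
    key = KEYS.get(header.get("kid"))
    if key is None or key["issuer"] != expected_iss:
        return None  # right signature, wrong key set: reject
    if not _signature_ok(header["kid"], signing_input, sig):
        return None
    if claims.get("iss") != expected_iss:
        return None
    return claims


def demo() -> dict:
    """A token signed with the consumer key but claiming the enterprise issuer
    passes the naive check and fails the scoped one."""
    forged = sign("msa-key-1", {"iss": ENTERPRISE_ISS, "sub": "cio@contoso.example"})
    legit = sign("aad-key-1", {"iss": ENTERPRISE_ISS, "sub": "cio@contoso.example"})
    return {
        "forged_naive": validate_naive(forged, ENTERPRISE_ISS) is not None,
        "forged_scoped": validate_scoped(forged, ENTERPRISE_ISS) is not None,
        "legit_scoped": validate_scoped(legit, ENTERPRISE_ISS) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the scoped check is that `kid` lookup and issuer binding happen together: the relying party asks "is this key allowed to speak for this issuer?" rather than "is this key in my key set?". In a real deployment the same rule applies to key discovery endpoints: an enterprise service should only load the enterprise issuer's keys, never a merged set.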
Microsoft’s Response and Scrutiny
Microsoft says it has blocked all activity by the actor related to this incident, implying that the threat is contained. The company nonetheless faces scrutiny over its handling of the breach, which is being described as the most significant compromise of unclassified U.S. government data since the 2020 SolarWinds espionage campaign. Microsoft’s blog post avoided terms such as “zero-day,” which critics read as damage control. Concerns have also been raised that affected government departments had little visibility into the intrusions themselves, in part because the logging needed to spot this kind of mailbox access was only available to customers paying for Microsoft’s premium audit tier.
The Road Ahead for Microsoft
Microsoft’s latest post gave incident responders some technical details and indicators of compromise, but the central questions, above all how the key was obtained, remain unanswered. The company’s handling of the incident and the true scope of the breach will likely be examined closely for some time. As the investigation continues, Microsoft faces the task of restoring confidence and hardening its identity infrastructure so that a single stolen key cannot again unlock mailboxes across both consumer and enterprise services.