Microsoft grapples with China-backed hackers, ongoing investigation raises concerns


Microsoft continues to grapple with the aftermath of a cyber attack orchestrated by China-backed hackers, who stole a critical key enabling them to stealthily access numerous email inboxes, including those of several federal government agencies. The technology giant remains tight-lipped about the methods employed by the hackers to obtain the Microsoft signing key, used to forge authentication tokens for unauthorized access.

Microsoft Attribution to Storm-0558 and Alleged Targets

In a blog post last Friday, Microsoft disclosed the cyber attack, attributing it to an espionage group it identified as Storm-0558, which the company believes has strong ties to China. The attacks took place over a month, starting in mid-May, and targeted a limited number of government accounts, reportedly in the single digits. Among the alleged targets were U.S. Commerce Secretary Gina Raimondo and U.S. State Department officials, as well as other undisclosed organizations.

Targeting Microsoft Cloud and Acquiring MSA Key

Unlike previous Chinese hacking incidents involving unknown vulnerabilities in Microsoft-powered email servers, this group directly targeted new and undisclosed vulnerabilities in Microsoft’s cloud infrastructure. The hackers obtained one of Microsoft’s consumer signing keys (MSA key), initially believed to be an enterprise signing key, and used it to forge authentication tokens, gaining unauthorized access to enterprise inboxes due to a “validation error in Microsoft code.”
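The class of validation error described above, where a key trusted for one realm is accepted as vouching for another, is illustrated by the following added example, which is not Microsoft's code. The key names, the `scope` claim and the use of HMAC in place of a real identity provider's asymmetric signatures are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed key store: key id -> (secret, realm the key is allowed to sign for).
# HMAC stands in for the asymmetric signatures a real identity provider uses.
KEYS = {
    "consumer-key-1": (b"constructed-consumer-secret", "consumer"),
    "enterprise-key-1": (b"constructed-enterprise-secret", "enterprise"),
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(kid: str, claims: dict) -> str:
    """Issue a token: header names the key, body carries the claims."""
    header = _b64(json.dumps({"kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid][0], f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{_b64(mac.digest())}"

def validate(token: str, service_scope: str, check_key_scope: bool) -> bool:
    """Return True only if the token is acceptable to a service in service_scope."""
    try:
        header, body, sig = token.split(".")
        secret, key_scope = KEYS[json.loads(_unb64(header))["kid"]]
        expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256)
        if not hmac.compare_digest(expected.digest(), _unb64(sig)):
            return False
        if json.loads(_unb64(body)).get("scope") != service_scope:
            return False
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed token or unknown key id
    # A valid signature is not enough: the signing key itself must be
    # authorised for this realm. Skipping this check is the flaw shown here.
    if check_key_scope and key_scope != service_scope:
        return False
    return True

# Constructed sample: a consumer-realm key signs a token claiming enterprise scope.
CROSS_REALM = sign("consumer-key-1", {"sub": "user@example.test", "scope": "enterprise"})
LEGITIMATE = sign("enterprise-key-1", {"sub": "user@example.test", "scope": "enterprise"})
```

With `check_key_scope=False` the cross-realm token passes because its signature is genuine; binding each key to the realm it may sign for rejects it while the legitimate token still validates.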

Microsoft’s Response and Scrutiny

Microsoft asserted that it has blocked all hacker activity related to the incident, implying that the threat is no longer active. However, the company now faces scrutiny for its handling of the breach, considered the most significant breach of unclassified government data since the 2020 SolarWinds espionage campaign. Microsoft’s blog post avoided using terms like “zero-day” vulnerability, leading to criticism of the company’s damage control efforts. Additionally, concerns were raised about the lack of visibility into intrusions by government departments themselves and the limited security logging for certain accounts.

The Road Ahead for Microsoft

While Microsoft’s recent disclosure offered some technical details and indicators of compromise for incident responders, many questions remain unanswered. The company’s handling of the incident and the scope of the breach will likely be under intense scrutiny for some time. As the investigation continues, Microsoft faces challenges in restoring public confidence and bolstering its cybersecurity measures to prevent future cyber threats.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We at StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
