Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account consumer signing key to breach two dozen organizations.
"Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com," the tech giant said in a deeper analysis of the campaign.
"Though the key was intended only for MSA accounts, a validation issue allowed this key to be trusted for signing Azure AD tokens. This issue has been corrected."
Storm-0558 is said to have been active since at least August 2021, orchestrating credential harvesting, phishing campaigns, and OAuth token attacks aimed at Microsoft accounts to pursue its goals.
Microsoft said since the discovery of the campaign on June 16, 2023, it has "identified the root cause, established durable tracking of the campaign, disrupted malicious activities, hardened the environment, notified every impacted customer, and coordinated with multiple government entities." It also noted it mitigated the issue "on customers' behalf" effective June 26, 2023.
The disclosure comes as Microsoft has faced criticism for its handling of the hack and for gating forensic capabilities behind additional licensing barriers, thereby preventing customers from accessing detailed audit logs that could have otherwise helped analyze the incident.
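The validation issue quoted above, a key intended for one token type being trusted to sign another, can be modelled with a small validator. This is an added illustration, not Microsoft's code: the key ids, issuer names and secrets are constructed, and HMAC-SHA256 stands in for the real asymmetric signature so that the example needs only the standard library.

```python
import base64, hashlib, hmac, json

# Constructed registry: each signing key lists the issuers it may sign for.
# HMAC-SHA256 is a stand-in for the real asymmetric signature (assumption).
KEYS = {
    "consumer-key-1": {"secret": b"constructed-consumer-secret", "issuers": {"consumer-idp"}},
    "enterprise-key-1": {"secret": b"constructed-enterprise-secret", "issuers": {"enterprise-idp"}},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(kid: str, claims: dict) -> str:
    """Issue a JWT-shaped token signed with the named key (hypothetical helper)."""
    header = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def _verify_signature(token: str):
    """Check the signature against the key named in the header; return (key, claims)."""
    header_b64, body_b64, sig_b64 = token.split(".")
    key = KEYS.get(json.loads(_unb64(header_b64))["kid"])
    if key is None:
        raise ValueError("unknown signing key")
    expected = hmac.new(key["secret"], f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        raise ValueError("bad signature")
    return key, json.loads(_unb64(body_b64))

def validate_signature_only(token: str) -> dict:
    # Weak check: any key in the registry is trusted for any issuer.
    _, claims = _verify_signature(token)
    return claims

def validate_with_key_scope(token: str) -> dict:
    # Hardened check: the key must be authorised for the issuer the token claims.
    key, claims = _verify_signature(token)
    if claims.get("iss") not in key["issuers"]:
        raise ValueError("signing key not authorised for issuer")
    return claims
```

A token that names the enterprise issuer but is signed with the consumer key passes `validate_signature_only` and is rejected by `validate_with_key_scope`.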
News URL
https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html