Stolen Azure AD key offered widespread access to Microsoft cloud services
The Microsoft private encryption key stolen by the Chinese hackers tracked as Storm-0558 gave them access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.
While Microsoft said that only Exchange Online and Outlook were impacted, Wiz says the threat actors could use the compromised Azure AD private key to impersonate any account within any impacted customer or cloud-based Microsoft application.
In response to the security breach, Microsoft revoked all valid MSA signing keys to ensure that the threat actors didn't have access to other compromised keys.
After invalidating the stolen enterprise signing key, Microsoft found no further evidence suggesting additional unauthorized access to its customers' accounts using the same auth token forging technique.
Microsoft reported observing a shift in Storm-0558 tactics, showing that the threat actors no longer had access to any signing keys.
Microsoft is still unsure how the hackers stole the Azure AD signing key.