Stolen Azure AD key offered widespread access to Microsoft cloud services (Security News, July 2023)
The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.
While Microsoft said that only Exchange Online and Outlook were impacted, Wiz says the threat actors could use the compromised Azure AD private key to impersonate any account within any impacted customer or cloud-based Microsoft application.
In response to the security breach, Microsoft revoked all valid MSA signing keys to ensure that the threat actors didn't have access to other compromised keys.
After invalidating the stolen enterprise signing key, Microsoft found no further evidence suggesting additional unauthorized access to its customers' accounts using the same auth token forging technique.
Microsoft reported observing a shift in Storm-0558 tactics, showing that the threat actors no longer had access to any signing keys.
Microsoft still unsure how hackers stole Azure AD signing key.