Security News > 2023 > July > Stolen Microsoft key offered widespread access to Microsoft cloud services
The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.
While Microsoft said that only Exchange Online and Outlook were impacted, Wiz says the threat actors could use the compromised Microsoft consumer signing key to impersonate any account within any impacted customer or cloud-based Microsoft application.
In response to the security breach, Microsoft revoked all valid MSA signing keys to ensure that the threat actors didn't have access to other compromised keys.
After invalidating the stolen signing key, Microsoft found no further evidence suggesting additional unauthorized access to its customers' accounts using the same auth token forging technique.
Microsoft reported observing a shift in Storm-0558 tactics, showing that the threat actors no longer had access to any signing keys.
Microsoft still unsure how hackers stole Azure AD signing key.