Security News > 2023 > September > Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer's corporate account.
"A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process," the Microsoft Security Response Center said in a post-mortem report.
"The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material's presence in the crash dump was not detected by our systems."
The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer's corporate account.
Storm-0558 is the moniker assigned by Microsoft to a hacking group that has been linked to the breach of approximately 25 organizations using the consumer signing key and obtaining unauthorized access to Outlook Web Access and Outlook.com.
Cloud security firm Wiz subsequently revealed in July that the compromised Microsoft consumer signing key could have enabled widespread access to other cloud services.
News URL
https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft shares workaround for Windows security update issues (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Australian fertility services giant Genea hit by security breach (source)
- Drug-screening biz DISA took a year to disclose security breach affecting millions (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)