Security News > 2023 > September > Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer's corporate account.

"A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process," the Microsoft Security Response Center said in a post-mortem report.

"The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material's presence in the crash dump was not detected by our systems."

The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer's corporate account.

Storm-0558 is the moniker assigned by Microsoft to a hacking group that has been linked to the breach of approximately 25 organizations using the consumer signing key and obtaining unauthorized access to Outlook Web Access and Outlook.com.

Cloud security firm Wiz subsequently revealed in July that the compromised Microsoft consumer signing key could have enabled widespread access to other cloud services.

News URL

https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html