Security News > 2024 > April > A “cascade” of errors let Chinese hackers into US government inboxes
Microsoft still doesn't know how Storm-0558 attackers managed to steal the Microsoft Services Account (MSA) consumer signing key they used to forge the authentication tokens needed to access email accounts belonging to US government officials.
"The stolen 2016 MSA key in combination with [a] flaw in the token validation system permitted the threat actor to gain full access to essentially any Exchange Online account," CISA's Cyber Safety Review Board noted in a recently released Review of the Summer 2023 Microsoft Exchange Online Intrusion.
"Microsoft does not know when Storm-0558 discovered that consumer signing keys could forge tokens that worked on both OWA consumer and enterprise Exchange Online. Microsoft speculates that the threat actor could have discovered this capability through trial and error."
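The two quotes above describe the core of the failure: a consumer signing key should never have been able to mint a token that an enterprise Exchange Online endpoint would accept, yet the validation logic accepted it. The Python below is an added illustration of that class of bug, not code from this page, from Microsoft, or from the CSRB report. It models a token validator that keeps consumer and enterprise keys in one merged trust store and checks only the signature, beside a hardened validator that binds each key to an issuer and refuses consumer-signed tokens for an enterprise audience. Key IDs, issuer names, claim values and the HMAC secrets are constructed for the example (real signing keys are asymmetric; HMAC is used here so the block runs offline with the standard library only).

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed example keys (assumed names and secrets, not identifiers from the incident).
# Real signing keys are RSA keys; HMAC secrets stand in so this runs with the stdlib alone.
CONSUMER_KEY = {"kid": "consumer-key-2016", "issuer": "consumer", "secret": b"consumer-secret-example"}
ENTERPRISE_KEY = {"kid": "enterprise-key-2023", "issuer": "enterprise", "secret": b"enterprise-secret-example"}
ALL_KEYS = [CONSUMER_KEY, ENTERPRISE_KEY]  # one merged trust store, as the weak validator sees it


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: dict) -> str:
    """Produce a compact JWS-style token (header.payload.signature) signed with `key`.
    An attacker holding the consumer key can call this with enterprise claims."""
    header = {"alg": "HS256", "kid": key["kid"]}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _split(token: str):
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64url(header_b64))
    claims = json.loads(_unb64url(payload_b64))
    signing_input = (header_b64 + "." + payload_b64).encode()
    return header, claims, signing_input, _unb64url(sig_b64)


def _signature_ok(key: dict, signing_input: bytes, sig: bytes) -> bool:
    expected = hmac.new(key["secret"], signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def vulnerable_validate(token: str, trusted_keys: list) -> Optional[dict]:
    """Weak validator: looks the key up by `kid` in one merged trust store and checks only
    the signature. Any key in the store, consumer or enterprise, can mint a token this
    validator accepts for an enterprise resource. Returns the claims on success, else None."""
    header, claims, signing_input, sig = _split(token)
    for key in trusted_keys:
        if key["kid"] == header.get("kid") and _signature_ok(key, signing_input, sig):
            return claims
    return None


def hardened_validate(token: str, trusted_keys: list,
                      expected_issuer: str, expected_audience: str) -> Optional[dict]:
    """Hardened validator: the token's iss/aud must match this endpoint, and only keys
    scoped to that issuer are consulted. A consumer-signed token is rejected even though
    the consumer key sits in the same trust store."""
    header, claims, signing_input, sig = _split(token)
    if claims.get("iss") != expected_issuer or claims.get("aud") != expected_audience:
        return None
    for key in trusted_keys:
        if key["issuer"] != expected_issuer:
            continue  # consumer keys are never acceptable for enterprise tokens
        if key["kid"] == header.get("kid") and _signature_ok(key, signing_input, sig):
            return claims
    return None


def demo() -> dict:
    """Forge an enterprise token with the consumer key and run it through both validators."""
    claims = {"iss": "enterprise", "aud": "exchange-online", "sub": "victim@example.gov"}
    forged = sign_token(claims, CONSUMER_KEY)      # what the stolen key lets an attacker do
    legit = sign_token(claims, ENTERPRISE_KEY)     # what a real enterprise token looks like
    return {
        "vulnerable_accepts_forged": vulnerable_validate(forged, ALL_KEYS) is not None,
        "hardened_accepts_forged": hardened_validate(forged, ALL_KEYS, "enterprise", "exchange-online") is not None,
        "hardened_accepts_legit": hardened_validate(legit, ALL_KEYS, "enterprise", "exchange-online") is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The practical check this suggests for any service that trusts more than one token issuer: key lookup must be scoped to the issuer the endpoint expects before the signature is verified, and `iss`/`aud` must be validated against the endpoint, not merely parsed. A signature check alone proves only that some trusted key signed the token, not that the right one did.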
In May and June 2023, Storm-0558 - a hacking group associated with the Chinese government - compromised Microsoft's cloud environment and accessed cloud-based mailboxes of US State Department officials, Commerce Department officials, and users at other government and private sector organizations in the US, the UK, and elsewhere.
"The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft's security culture was inadequate and requires an overhaul," the CSRB stated, and recommended that Microsoft's CEO and Board of Directors directly focus on the company's security culture and on security-focused reforms across the company and its products.
"The Board recommends that Microsoft's CEO hold senior officers accountable for delivery against this plan. In the meantime, Microsoft leadership should consider directing internal Microsoft teams to deprioritize feature developments across the company's cloud infrastructure and product suite until substantial security improvements have been made in order to preclude competition for resources."
News URL
https://www.helpnetsecurity.com/2024/04/03/microsoft-storm-0558-key/
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries
- CISA shares critical infrastructure defense tips against Chinese hackers
- Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks
- US sanctions APT31 hackers behind critical infrastructure attacks
- US charges Chinese nationals with cyber-spying on pretty much everyone for Beijing
- US Health Dept warns hospitals of hackers targeting IT help desks
- US senator wants to put the brakes on Chinese EVs