A “cascade” of errors let Chinese hackers into US government inboxes
Microsoft still doesn't know how Storm-0558 attackers managed to steal the Microsoft Services Account (MSA) cryptographic key they used to forge the authentication tokens needed to access email accounts belonging to US government officials.
"The stolen 2016 MSA key in combination with [a] flaw in the token validation system permitted the threat actor to gain full access to essentially any Exchange Online account," CISA's Cyber Safety Review Board noted in a recently released Review of the Summer 2023 Microsoft Exchange Online Intrusion.
"Microsoft does not know when Storm-0558 discovered that consumer signing keys could forge tokens that worked on both OWA consumer and enterprise Exchange Online. Microsoft speculates that the threat actor could have discovered this capability through trial and error."
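The validation flaw the Board describes is a key-scoping problem: a signature made with a consumer signing key was accepted for enterprise mailboxes. The added example below (not from the report or from Microsoft) contrasts a validator that only checks the signature against a validator that also checks that the signing key itself is trusted for the requested service; the key store, key IDs, secrets and audience names are constructed stand-ins.

```python
import base64, hashlib, hmac, json

# Constructed key store: every signing key carries the audience (service) it is
# trusted for. "consumer-2016" stands in for a consumer (MSA-style) signing key;
# the key IDs, secrets and audience names are hypothetical.
KEYS = {
    "consumer-2016": {"secret": b"consumer-secret", "audiences": {"consumer-mail"}},
    "enterprise-01": {"secret": b"enterprise-secret", "audiences": {"enterprise-mail"}},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(kid: str, claims: dict) -> str:
    """Mint a compact HS256-style token: header.payload.signature (toy, HMAC-based)."""
    header = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    payload = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid]["secret"], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(mac)}"

def _verify_signature(token: str):
    """Return (key_record, claims) if the signature checks out, else (None, None)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64(header_b64))
    key = KEYS.get(header.get("kid"))
    if key is None:
        return None, None
    expected = hmac.new(key["secret"], f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        return None, None
    return key, json.loads(_unb64(payload_b64))

def validate_weak(token: str, expected_aud: str) -> bool:
    """Flawed validator: any known key is accepted, regardless of which service it is trusted for."""
    key, claims = _verify_signature(token)
    return key is not None and claims.get("aud") == expected_aud

def validate_scoped(token: str, expected_aud: str) -> bool:
    """Hardened validator: the signing key must itself be trusted for the requested audience."""
    key, claims = _verify_signature(token)
    return key is not None and claims.get("aud") == expected_aud and expected_aud in key["audiences"]
```

A token signed with the consumer key but carrying an enterprise audience passes `validate_weak` and is rejected by `validate_scoped`, which is the check that a per-key trust scope adds.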
In May and June 2023, Storm-0558 - a hacking group associated with the Chinese government - compromised Microsoft's cloud environment and accessed cloud-based mailboxes of US State Department officials, Commerce Department officials, and users at other government and private-sector organizations in the US, the UK, and elsewhere.
"The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft's security culture was inadequate and requires an overhaul," the CSRB stated, and advised Microsoft to make its CEO and Board of Directors focus on the company's security culture and security-focused reforms across the company and products.
"The Board recommends that Microsoft's CEO hold senior officers accountable for delivery against this plan. In the meantime, Microsoft leadership should consider directing internal Microsoft teams to deprioritize feature developments across the company's cloud infrastructure and product suite until substantial security improvements have been made in order to preclude competition for resources."
News URL
https://www.helpnetsecurity.com/2024/04/03/microsoft-storm-0558-key/
Related news
- Chinese hackers breached 20,000 FortiGate systems worldwide
- 20,000 FortiGate appliances compromised by Chinese hackers
- Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
- Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
- US lawmakers wave red flags over Chinese drone dominance
- Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
- Chinese APT40 hackers hijack SOHO routers to launch attacks
- Chinese Hackers Target Taiwan and U.S. NGO with MgBot and MACMA Malware
- Chinese hackers deploy new Macma macOS backdoor version
- US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks