Security News > 2024 > April > Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
![Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack](/static/build/img/news/microsoft-still-unsure-how-hackers-stole-msa-key-in-2023-exchange-attack-medium.jpg)
The U.S. Department of Homeland Security's Cyber Safety Review Board has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
Almost 10 months after Microsoft started the investigation, the CSRB states there isn't any definitive evidence on how the threat actor obtained the signing key, regardless of what Microsoft previously claimed.
The CSRB conducted its analysis of the Microsoft Exchange Online hack in 2023 based on details obtained from impacted organizations, cybersecurity companies and experts, law enforcement agencies, and meetings with Microsoft representatives.
The hackers accessed the email accounts using forged authentication tokens signed with a Microsoft Services Account consumer key the company created in 2016 and which should have been revoked in March 2021.
"Microsoft believes, although it has produced no specific evidence to such effect, that this 2021 intrusion was likely connected to the 2023 Exchange Online compromise because it is the only other known Storm-0558 intrusion of Microsoft's network in recorded memory. During this 2021 incident, Microsoft believes that Storm-0558 gained access to sensitive authentication and identity data" - Cyber Safety Review Board.
The CSRB says that, to this day, Microsoft still has no conclusive evidence as to how the threat actors stole the signing key, and that the investigation is ongoing.
News URL
Related news
- Microsoft links Scattered Spider hackers to Qilin ransomware attacks (source)
- Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine (source)
- Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers (source)
- Microsoft launches cybersecurity program to tackle attacks, protect rural hospitals (source)
- Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended (source)
- Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks (source)
- New Attack Technique Exploits Microsoft Management Console Files (source)
- 'Skeleton Key' attack unlocks the worst of AI, says Microsoft (source)
- Hackers attack HFS servers to drop malware and Monero miners (source)
- Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks (source)