Sunday, October 13, 2024
HomeCyber Security NewsChinese Hack of Microsoft Consumer Key Stemmed From its Engineer’s Corporate Account

Chinese Hack of Microsoft Consumer Key Stemmed From its Engineer’s Corporate Account

Published on

Malware protection

Storm-0558, a threat actor based in China, has recently gained access to a Microsoft account consumer key. This has allowed them to infiltrate and compromise 25 organizations, including those within government agencies.

Since May 15, 2023, they have been using fake tokens to access emails for espionage.

On July 11, 2023, Microsoft implemented a block on the campaign of Storm-0558 while ensuring that other environments were not affected.

- Advertisement - SIEM as a Service

U.S. Commerce Secretary Gina Raimondo and other high-profile individuals may have had their private emails accessed by hackers.

Investigation from Microsoft

After categorizing the threat actor group, Microsoft initiated an inquiry into the methods employed by the threat actors to obtain the Microsoft account consumer signing key and how it was utilized to gain entry into enterprise email systems.

In their investigation, the company determined a consumer signing system crash in April of 2021, which led to the creation of a snapshot of the crashed process.

At the time of occurrence, it was not within Microsoft’s knowledge that the crash dump contained the aforementioned key material.

Then, the crash dump was found to be moved to the debugging environment on the internet-connected corporate network, believing the key was not included.

Microsoft believes the key was leaked from the crash dump in the corporate environment by successfully compromising a Microsoft engineer’s corporate account.

“Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.”

Microsoft has reported that the problems mentioned above have been resolved, and an improved credential scanning technology has been implemented to identify the signing key’s existence more accurately.

The Chinese Embassy, situated in Washington, D.C., did not respond to an email sent. The government of China has dismissed the accusation of stealing emails belonging to high-ranking officials in the United States as “unfounded.”

Organizations must take proactive measures to ensure the security of their accounts and data, especially in light of such threats.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...