The Latest in IT Security

How Chinese hackers got their hands on Microsoft’s token signing key

07
Sep
2023
How Chinese hackers got their hands on Microsoft’s token signing key

image credit: pexels

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn’t have been – Microsoft’s corporate environment.

The theft of a Microsoft signing key

In short:

  • The key was included in the crash dump of a consumer signing system located in Microsoft’s “highly isolated and restricted production environment
  • Microsoft didn’t notice it
  • The crash dump was moved to the company’s debugging environment on the internet-connected corporate network

Related posts:
  1. Microsoft Pledges to Store European Cloud Data in EU
  2. Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks
  3. Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters
  4. DOD Awards $9B Contract to Top 3 Cloud Providers and Oracle
  5. Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Read More

Tags:  
Written by Helpnetsecurity
0 Comments
Comments are closed.

Categories

SATURDAY, APRIL 27, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments