The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere it shouldn’t have been – Microsoft’s corporate environment.
The theft of a Microsoft signing key
In short:
- The key was included in the crash dump of a consumer signing system located in Microsoft’s “highly isolated and restricted production environment”
- Microsoft didn’t notice that the key was in the crash dump
- The crash dump was moved to the company’s debugging environment on the internet-connected corporate network