The Latest in IT Security

How Chinese hackers got their hands on Microsoft’s token signing key

07
Sep
2023
How Chinese hackers got their hands on Microsoft’s token signing key

image credit: pexels

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn’t have been – Microsoft’s corporate environment.

The theft of a Microsoft signing key

In short:

  • The key was included in the crash dump of a consumer signing system located in Microsoft’s “highly isolated and restricted production environment
  • Microsoft didn’t notice it
  • The crash dump was moved to the company’s debugging environment on the internet-connected corporate network

Read More

Comments are closed.

Categories

TUESDAY, JUNE 18, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments