Storm-0558 Microsoft Attack and Adapt

In early July, Microsoft announced Storm-0558 where a Chinese threat actor used forged authentication tokens to access the information – primarily email accounts – of about 25 organizations. This attack included some significant organizations including the US Department of Commerce and, reportedly, the US Ambassador to China. The attack was particularly concerning because Microsoft revealed that the attacker was forging Azure AD tokens using an acquired Microsoft account signing key.   In Microsoft’s words, "Though the key was intended only for MSA accounts, a validation issue allowed this key to be trusted for signing Azure AD tokens. This issue has been corrected."

The post Storm-0558 Microsoft Attack and Adapt appeared first on Security Boulevard.