Session tokens are small files that allow users to stay persistently logged-in without having to constantly re-enter a password or re-authorize with two-factor authentication. Token-stealing malware, which can be delivered by phishing or malicious links, seek out session tokens on a victim’s computer. When reached for comment, Jeff Jones, senior director at Microsoft, told TechCrunch that the engineer’s account was compromised using “token-stealing malware,” but declined to comment further. Microsoft’s admission that the consumer signing key was probably stolen from its own systems ends a theory that the key may have been obtained elsewhere.īut the circumstances of how exactly the intruders hacked into Microsoft remains an open question. Microsoft said it cannot be completely certain this was how the key was stolen because “we don’t have logs with specific evidence of this exfiltration,” but said this was the “most probable mechanism by which the actor acquired the key.”Īs for how the consumer signing key granted access to enterprise and corporate email accounts of several organizations and government departments, Microsoft said its email systems were not automatically or properly performing key validation 4️⃣, which meant that Microsoft’s email system would “accept a request for enterprise email using a security token signed with the consumer key,” 5️⃣ the company said. Then, at some point after the snapshot image was moved to Microsoft’s corporate network in April 2021, Microsoft said that the Storm-0558 hackers were able to “successfully compromise” a Microsoft engineer’s corporate account, which had access to the debugging environment where the snapshot image containing the consumer signing key was stored. Microsoft said this was consistent with its standard debugging process, but that the company’s credential scanning methods also did not detect the key’s presence in the snapshot image 3️⃣. The snapshot image was “subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network” to understand why the system crashed. Unbeknownst to Microsoft, when the system crashed, the snapshot image inadvertently included a copy of the consumer signing key 1️⃣ but Microsoft’s systems failed to detect the key in the snapshot 2️⃣. This consumer key signing system is kept in a “highly isolated and restricted” environment where internet access is blocked to defend against a range of cyberattacks. The crash produced a snapshot image of the system for later analysis. Microsoft said in its blog post that in April 2021, a system used as part of the consumer key signing process crashed. How the hackers obtained that consumer email signing key was a mystery - even to Microsoft - until this week when the technology giant belatedly laid out the five separate issues that led to the eventual leak of the key. Commerce Secretary Gina Raimondo and U.S. government officials and diplomats, reportedly including U.S. The hack is seen as a targeted espionage campaign aimed at snooping on the unclassified emails of U.S. The hackers used that digital skeleton key to break into both the personal and enterprise email accounts of government officials hosted by Microsoft. To recap, Microsoft disclosed in July that hackers it calls Storm-0558, which it believes are backed by China, “acquired” an email signing key that Microsoft uses to secure consumer email accounts like. But while one mystery was solved, several important details remain unknown. Microsoft explained in a long-awaited blog post this week how the hackers pulled off the heist. A series of unfortunate and cascading mistakes allowed a China-backed hacking group to steal one of the keys to Microsoft’s email kingdom that granted near unfettered access to U.S.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |