Apr 4, 2024
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
Posted by Saúl Morales Rodriguéz in category: cybercrime/malcode
The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
Microsoft believes that last May’s Exchange Online hack is linked to a threat actor known as ‘Storm-0558’ stealing an Azure signing key from an engineer’s laptop that was previously compromised by the hackers at an acquired company.
Storm-0558 is a cyberespionage actor affiliated with China that has been active for more than two decades targeting a wide range of organizations.