Suspected Chinese Hackers May Have Had Access to Additional Files Beyond Microsoft Emails, Researchers Suggest


Researchers have discovered that the suspected China-backed hackers who breached the email accounts of U.S. Commerce and State Department officials may have also copied protected documents and files using Microsoft login information.

The attack, which was revealed a week ago, raised concerns because the attackers used a stolen or forged Microsoft signing key that could authenticate as any Microsoft Exchange or Outlook email customer, granting them access to employee inboxes.

Researchers from Wiz, a cloud security company, analyzed Microsoft’s technique and concluded that anyone with the signing key could have extended their access to widely used Microsoft cloud services such as SharePoint, Teams, and OneDrive.

In a blog post detailing their findings, Wiz stated, “The compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication.”

Although Microsoft has revoked the key to prevent further attacks, Wiz warned that the hackers might have left backdoors in applications, allowing them to return. Additionally, some software may still recognize a session initiated with an expired key.

Microsoft downplayed the possibility of the attackers going beyond the email accounts of their targets, including Commerce Secretary Gina Raimondo and U.S. ambassador to China Nicholas Burns. A Microsoft spokesperson stated, “Many of the claims made in this blog are speculative and not evidence-based.”

The Cybersecurity and Infrastructure Security Agency (CISA) also said it had no indication that the attackers had expanded their breach beyond email. Eric Goldstein, executive assistant director for cybersecurity at CISA, stated, “Available information indicates that this activity was limited to a specific number of targeted Microsoft Exchange Online email accounts.”

Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.