Microsoft is being criticized for the way it handled a serious security incident that allowed a suspected Chinese espionage group to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The attacks were targeted and lasted for about a month before they were first discovered.

The investigation started on Jun 16, 2023, when Microsoft was notified by a customer about anomalous Exchange Online data access. The investigation found that the customer's Exchange Online data was accessed using Outlook Web Access (OWA).

Microsoft analysis attributed the activity to a group called Storm-0558 based on established prior tactics, techniques, and procedures (TTPs). Attribution is based on Microsoft Threat Intelligence assessment that Storm-0558 is a China-based threat actor with activities and methods consistent with espionage objectives.

At first Microsoft assumed that the spies were using legitimate Azure Active Directory (Azure AD) tokens stolen by malware. But further analysis showed that Storm-0558 was forging Azure AD tokens using an acquired Microsoft account (MSA) consumer signing key to access OWA and. This was only possible because of a validation error in Microsoft code.