Did Storm 0558 Access an On-Premises Hardware Security Module?
Set-up: On June 14th @Serghei for Bleeping Computer tweeted that “Microsoft says it still doesn’t know how Storm-0558 Chinese hackers stole an inactive MSA consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including U.S. government agencies.” Bleeping Computer seemed to rely on a June 14th update…
Pattern Leads: Singapore Servers a Factor in China Hack?
Set-up: A Chinese hacker group called Storm-0558 reportedly breached accounts inside more than 24 organizations, including U.S. State Department officials’ Microsoft accounts leading-up to Secretary Antony Blinken’s June trip to Beijing. The hackers exploited a validation coding error enabling them to forge Azure AD tokens using an acquired Microsoft account (MSA) consumer signing key, as…