cxo voice
  • Home
  • News
  • Leaders Talk
  • Expert Opinion
No Result
View All Result
  • Home
  • News
  • Leaders Talk
  • Expert Opinion
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

Microsoft reveals how China-based hackers stole its consumer email key

IANS by IANS
September 9, 2023
Reading Time: 2 mins read
microsoft
Share on FacebookShare on Twitter

China-backed hackers stole a digital consumer key from Microsoft to gain unfettered access to US government emails and the tech giant has detailed how the cyber criminals pulled off one of the biggest heists in the corporate and government circles.

China-based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA (Outlook Web App) and Outlook.com.

“Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (crash dump). The crash dumps, which redact sensitive information, should not include the signing key,” the company said after a technical investigation.

In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected).

“The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected),” said Microsoft.

The hackers used that digital skeleton key to break into both the personal and enterprise email accounts of government officials hosted by Microsoft.

ADVERTISEMENT

“We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network,” explained the company.

After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer’s corporate account.

This account had access to the debugging environment containing the crash dump which incorrectly contained the key.

“Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key,” Microsoft added.

Disclaimer: Only the headline and image of this article may have been edited by CXOvoice; the rest of the content is generated from a syndicated feed.

Also Read: MediaTek develops 1st chip with TSMC’s 3nm process, mass production in 2024

IANS

IANS

For any query, contact@cxovoice.com

Related Posts

Airkit.ai
Business

Salesforce to acquire Airkit.ai to boost AI capabilities

September 23, 2023
Working in a post-pandemic world: What is the new normal?
Business

25 million employees now returning to offices globally in the hybrid work era

September 23, 2023
Image Credit: Pixabay
Business

IT spending in MENA region to reach $183.8 billion in 2024: Gartner

September 23, 2023
Samsung Huawei
Technology

Samsung, Huawei to drive mass adoption of foldable smartphones next year

September 22, 2023
GenAI
Business

GenAI to generate economic value worth $2.6-$4.4 trillion annually: Report

September 21, 2023
SK hynix
Technology

US to ensure S. Korean chipmakers’ smooth operation regarding China curbs

September 21, 2023
McAfee Scam Protection
Cyber Security

McAfee’s new AI-based product to spot, block scams in real-time

September 21, 2023
Huawei
Cyber Security

US govt hacking into Huawei servers since 2009, accuses China

September 21, 2023
Load More
ADVERTISEMENT

Expert Views

Credentials database theft, reused passwords dangerous entryway
Cyber Security

Can SASE be used as your initial defense against ransomware?

September 12, 2023
Smart Cities challenges and security
Cyber Security

Do our abilities match the ambitions of Smart Cities?

August 23, 2023
Why 5G Network Uptime is Essential for a Digitally Interconnected Society
Opinion

Why 5G Network Uptime is Essential for a Digitally Interconnected Society

July 18, 2023
Responding to cyberbullying with cyber confidence and resilience
Cyber Security

Responding to cyberbullying with cyber confidence and resilience

July 17, 2023
Five Ways All-Flash Data Centers Can Drive Sustainability Goals 
Opinion

Five Ways All-Flash Data Centers Can Drive Sustainability Goals 

July 7, 2023

Latest Updates

Airkit.ai

Salesforce to acquire Airkit.ai to boost AI capabilities

by IANS
23 hours ago

Working in a post-pandemic world: What is the new normal?

25 million employees now returning to offices globally in the hybrid work era

by News Desk
1 day ago

Image Credit: Pixabay

IT spending in MENA region to reach $183.8 billion in 2024: Gartner

by News Desk
1 day ago

Samsung Huawei

Samsung, Huawei to drive mass adoption of foldable smartphones next year

by IANS
2 days ago

GenAI

GenAI to generate economic value worth $2.6-$4.4 trillion annually: Report

by IANS
3 days ago

SK hynix

US to ensure S. Korean chipmakers’ smooth operation regarding China curbs

by IANS
3 days ago

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Inerviews

NewgenOne
Leaders Talk

NewgenONE bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-
Interview with Prasanna Arikala, CTO, Kore.ai on AI chatbots
AI

Can AI chatbots enhance customer experience and reduce the cost of serving customers?

-
Rising cyber attacks pose a serious threat to Indian SMBs, says Zakir Hussain
Cyber Security

Rising cyber attacks pose a serious threat to Indian SMBs, says Zakir Hussain

-
Axis Bank's Cloud-driven digital banking solutions
Banking

Axis Bank doubles down on cloud based digital banking solutions

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

We bring business leaders' opinions and unique ideas on what’s happening in the market and its impact. Also, get the daily news, analysis, and insights.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

contact@cxovoice.com
  • Home
  • About
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

© 2023 CXO VOICE

No Result
View All Result
  • Home
  • News
  • Leaders Talk
  • Expert Opinion

© 2023 CXO VOICE

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/