#storm0558 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #storm0558, aggregated by home.social.
Storm-0558 hacks of Microsoft Exchange
In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as '#Storm0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using #forged #authentication #tokens from a stolen Microsoft consumer #signing #key.
Using this stolen key, the Chinese threat actors exploited a zero-day vulnerability in the #GetAccessTokenForResource API function for Outlook Web Access in Exchange Online (#OWA) to forge authorization tokens.
These tokens allowed the threat actors to impersonate Azure accounts and access email accounts for numerous government agencies and organizations to monitor and steal email.
After these attacks, Microsoft faced a lot of criticism for not providing adequate #logging to Microsoft customers for free. Instead, Microsoft required customers to purchase additional licenses to obtain logging data that could have helped detect these attacks.
After working with CISA to identify crucial logging data needed to #detect #attacks, Microsoft announced that they now offer it for free to all Microsoft customers.