Microsoft explains series of errors that let Storm-0558 get Exchange & Azure AD signing keys

Back in July we learned about Storm-0558 and how they got access to some Microsoft Azure Active Directory and Exchange accounts belonging to sensitive groups, including the US Department of State and Department of Commerce. We didn't really know how Storm-0558 got their hands on a "signing key" in order to do that, until today. Microsoft said in a blog post that the signing key was included in a snapshot of a crashed process from a customer due to a race condition that's since been fixed. That snapshot was moved from an isolated production network onto an internet-connected network, which Storm-0558 got access to after compromising a Microsoft engineer's corporate account. They aren't sure how the snapshot was exfiltrated, but this is their best guess.

