Data Breach

Microsoft Data Breach

25 records exposed • May 2023

Chinese hackers stole a special key that Microsoft uses to prove emails are legitimate. They used it to make fake keys and read government emails without permission.

What Happened

Chinese threat actor Storm-0558 used a stolen Microsoft signing key to forge authentication tokens, accessing Outlook email of 25 organizations including US government agencies.

Attack method: Forged authentication tokens via stolen signing key

What Data Was Exposed

Email contents, Email attachments, Government communications

Is your business exposed?

What to Do If You're Affected

1.
Review Azure AD sign-in logs for anomalies
2.
Enable enhanced logging for cloud services
3.
Implement conditional access policies

Lessons for Businesses

• Signing key theft enables wide-scale attacks
• Cloud service providers are high-value targets
• Defense against nation-state actors requires continuous vigilance

Sources

https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/

Related Breaches

Solarwinds 2020, Microsoft Exchange 2021

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required