malwaretech,
@malwaretech@infosec.exchange avatar

This is absolutely crazy stuff. Chinese hackers were able to get into a bunch of government email accounts by forging Microsoft access tokens, but how it happened is wild.

Apparently an internal Microsoft system responsible for signing consumer access tokens crashed, then a bug in the crash dump generator caused the secret key to be written to the crash dump. Microsoft's secondary system for detecting sensitive data in crash dumps also failed, allowing the crash dump to be moved from an isolated network to the corporate one. The Chinese hackers compromised a Microsoft engineer's account and were able to get a hold of the crash dump. They were not only able to find the key and figure out that it's responsible for signing consumer access tokens, but were also able to exploit a software bug to use it to sign enterprise access tokens too, basically giving them the keys to the kingdom.

So many security system had to fail for this to happen. Either the hackers were very lucky or extremely patient.

https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • KamenRider
  • Ask_kbincafe
  • TheResearchGuardian
  • KbinCafe
  • Socialism
  • oklahoma
  • SuperSentai
  • feritale
  • All magazines