Stolen Microsoft key offered widespread access to Microsoft cloud services

BleepingComputer reports that the Microsoft consumer signing key stolen by Chinese hackers provided them with access far beyond the Exchange Online and accounts that Microsoft initially reported as compromised. This is according to Wiz security researchers. The attackers breached the Exchange Online and Azure Active Directory (AD) accounts of around two dozen organizations by exploiting a now-patched zero-day validation issue in the GetAccessTokenForResourceAPI. This allowed them to forge signed access tokens and impersonate accounts within the targeted organizations.

Wiz security researcher Shir Tamari said that the impact extended to all Azure AD applications operating with Microsoft’s OpenID v2.0. This was due to the stolen key’s ability to sign any OpenID v2.0 access token for personal accounts (e.g., Xbox, Skype) and multi-tenant AAD apps.

In response to the security breach, Microsoft revoked all valid MSA signing keys to ensure that the threat actors didn’t have access to other compromised keys. This measure also thwarted any attempts to generate new access tokens.

Written by Travis Street

Lecturer and Researcher with specialisation in AI, ML, analytics and data science at the Universities of Surrey and Exeter.

Artificial intelligence can seem more human than actual humans on social media, study finds

China Issues Rules for Generative AI, Mandating Adherence to ‘Socialist Values’