by jsnell
1070 days ago
The quote in the article about what happened seems muddled. But even going to the original source [0], I don't think I understand what happened. Some of it might be because of terminology differences, some because this seems to be written mainly for ass-covering. Does anyone know any more details?

> They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key

Is this saying that the attackers got Microsoft's cookie signing private key? I don't know how else to interpret it, but "acquiring" sure ain't the language you use for that level of breach. And how was the key "acquired"? From a security vulnerability in their production systems? Breach of their corp network?

> The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.

So not only did they leak the private key, but their validation code was also broken and checked the signatures against the wrong key? How does that even happen?

[0] https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-...