Microsoft could have prevented Chinese cloud email hack, US cyber report says
EasySAM | Software Asset Management Specialists
A new report from the US Cyber Safety Review Board has found that Microsoft could have prevented Chinese hackers from breaching US government emails through its Microsoft Exchange Online software last year. The incident, described as a “cascade of security failures” at Microsoft, allowed Chinese state-sponsored hackers to access online email inboxes of 22 organizations, affecting more than 500 people including US government employees working on national security.
The U.S. Department of Homeland Security (DHS) has released a scathing report that found that the hack was “preventable” and that a number of decisions inside Microsoft contributed to “a corporate culture that deprioritized enterprise security investments and rigorous risk management.”
The hackers used an acquired Microsoft account (MSA) consumer key to forge tokens to access Outlook on the web (OWA) and Outlook.com. The report makes it clear that Microsoft still isn’t sure exactly how the key was stolen, but the leading theory is that the key was part of a crash dump. Microsoft published that theory in September, and recently updated its blog post to admit “we have not found a crash dump containing the impacted key material.”
Without access to that crash dump, Microsoft can’t be sure exactly how the key was stolen. “Our leading hypothesis remains that operational errors resulted in key material leaving the secure token signing environment that was subsequently accessed in a debugging environment via a compromised engineering account,” says Microsoft in its updated blog post.