In the first half of July, Microsoft disclosed that the Chinese hacking group Storm-0558 had gained access to emails from 25 organizations, including agencies in the US government.
The group gained access by obtaining aMicrosoft account consumer key, which allows them to create access tokens to their targets’ accounts.
However, because of a series of unfortunate events, they lost the key after a fail-safe failed to detect it.
There’s one final kicker: this was a consumers key, but it let threat actors get into enterprise Microsoft accounts.
Hint:
It’s not just government agencies and corporate IT departments that are at risk here.
It could also be used by criminals to gain access to individual customers’ private mail accounts as well.
👋 Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! 🛍️
If not, consider contributing to my caffeine supply at Buy Me a Coffee ☕️.
Your clicks = cosmic support for more awesome content! 🚀🌈
Leave a Reply