How Chinese hackers got their hands on Microsoft’s token signing key

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn’t have been – Microsoft’s corporate environment. The theft of a Microsoft signing key In short: The key was included in the crash dump of a consumer signing system located in Microsoft’s “highly isolated and … More →

The post …

access accounts breach chinese chinese hackers cloud security corporate cyber espionage data theft don't miss email employees enterprise environment europe explained found government government agencies hackers hot stuff key managed microsoft microsoft 365 service signing signing key steal theft token usa wiz