Microsoft Warns That a Chinese Cyberattack Breached Government Email Accounts (opens in new tab)

(gizmodo.com)

16 pointsrealshadow2y ago5 comments

5 comments

The quote in the article about what happened seems muddled. But even going to the original source [0], I don't think I understand what happened. Some of it might be because terminology differences, some because this seems to be written mainly for ass-covering. Does anyone know any more details?

> They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key

Is this saying that the attackers got Microsoft's cookie signing private key? I don't know how else to interpret it, but "acquiring" sure ain't the language you use for that level of breach. And how was the key "acquired"? From a security vulnerability in their production systems? Breach of their corp network?

> The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.

So not only did they leak the private key, but their validation code was also broken and checked the signatures against the wrong key? How does that even happen?

[0] https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-...

freedude2y ago

"using an acquired Microsoft account" To me this implies theft. But was it theft through a hacked network, or corporate espionage, today's replacement of the Silk Road, or acquired from some other third party vendor?

JoeAltmaier2y ago

I'm astonished that Chinese cyberattacks don't warrant some kind of shutdown between the Chinese internet and the rest of the word (or NATO anyway).

Devastating to commerce? Sure! For a day or so. Then the Chinese cyberattacks would cease and we could go back to normal.

How could you tell? Well, there are countless websites that purport to graph such things realtime. Ask one of them to monitor the situation. It goes above a trivial threshold - the pipe is shut off for a day.

But that's just a naieve citizen, wondering why government is so screwed up that it allows constant unrelenting financial attacks against its people without repercussions.

halJordan2y ago

Good sounding at the highest levels but you quickly reach contradictions. The biggest contradiction is that you're charged with protecting people and your plan of action is going to devastate them far more than the cyberattack did. Real cut off the nose to spite the face stuff. The fact that the Chinese internet isnt cut off should be an indicator that the govt does in fact care about the little man but I'm sure that's a step too far here.

JoeAltmaier2y ago

For a short time. The Chinese will be hurt as well. Money may mean a lot to them.

I think the scope of Chinese malfeasance may be underestimated here. It's constant and malicious. Some kind of negative feedback, any kind, would likely have an immediate response.

j / k navigate · click thread line to collapse

5 comments

jsnell2y ago

> They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key

> The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.

So not only did they leak the private key, but their validation code was also broken and checked the signatures against the wrong key? How does that even happen?

[0] https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-...

freedude2y ago

JoeAltmaier2y ago

I'm astonished that Chinese cyberattacks don't warrant some kind of shutdown between the Chinese internet and the rest of the word (or NATO anyway).

Devastating to commerce? Sure! For a day or so. Then the Chinese cyberattacks would cease and we could go back to normal.

But that's just a naieve citizen, wondering why government is so screwed up that it allows constant unrelenting financial attacks against its people without repercussions.

halJordan2y ago

JoeAltmaier2y ago

For a short time. The Chinese will be hurt as well. Money may mean a lot to them.

I think the scope of Chinese malfeasance may be underestimated here. It's constant and malicious. Some kind of negative feedback, any kind, would likely have an immediate response.

j / k navigate · click thread line to collapse