Optimize IAS

    How did a China-based hacking group compromise Microsoft’s cloud security?

    • September 11, 2023
    • Posted by: OptimizeIAS Team
    • Category: DPN Topics

    Subject : Science and Technology

    Section: Awareness in IT

    Introduction

    • Storm-0558, a China-based hacking group, breached U.S. government-linked email accounts.
    • The compromised email accounts included those of top American officials such as Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns.
    • The breach stemmed from the compromise of a Microsoft engineer’s corporate account, allowing hackers to extract a cryptographic key for email account access.

    Storm-0558: A China-Based Threat Actor

    • Microsoft Threat Intelligence assessed Storm-0558 as a China-based threat actor with activities aligned with espionage objectives.
    • The group primarily targeted U.S. and European diplomatic, economic, and legislative entities, as well as individuals linked to Taiwan and Uyghur geopolitical interests.
    • The group targets Microsoft accounts through phishing campaigns and exploits vulnerabilities in public-facing applications for initial access.

    Compromising Microsoft’s Security

    • Storm-0558 compromised Microsoft’s cloud security by using an acquired MSA key to forge tokens.
    • These tokens were used to access Outlook Web Access (OWA), Microsoft’s web-based mail client, and impersonate Azure AD users for enterprise email access.

    Understanding Cryptographic Keys

    • A cryptographic key is a string of characters used in encryption algorithms to secure data.
    • Types:
      • Symmetric Keys:
        • These use the same key for both encryption and decryption.
        • While efficient, secure sharing of the key between parties can be challenging.
      • Asymmetric Keys:
        • Also known as public-key encryption.
        • It involves a pair of keys – a public key and a private key.
        • The public key is shared openly, while the private key remains secret.
        • Data encrypted with the public key can only be decrypted with the private key, ensuring secure communication and authentication.
    • Digital Signatures: Cryptographic keys are crucial for creating and verifying digital signatures, which confirm the authenticity and integrity of digital documents or messages.
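
    Added example (not from the original post): a minimal token verifier showing why a service accepts any token signed with a key it trusts, and how revoking that key id makes previously accepted tokens fail. It uses HMAC-SHA256 from the Python standard library as a stand-in for the asymmetric signature a real identity provider would use; the token format, function names, key id and key are hypothetical.

```python
import base64, hashlib, hmac, json

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(kid: str, key: bytes, claims: dict) -> str:
    """Issue a token: encoded claims (including the key id) plus a signature."""
    body = b64e(json.dumps({"kid": kid, **claims}, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64e(tag)}"

def verify_token(token: str, trusted_keys: dict, revoked: set, now: int) -> dict:
    """Return the claims if the token is acceptable, otherwise raise ValueError."""
    try:
        body, tag = token.split(".")
        claims = json.loads(b64d(body))
        kid = str(claims["kid"])
        given = b64d(tag)
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if kid in revoked:                      # revocation is checked before anything else
        raise ValueError("signing key revoked")
    key = trusted_keys.get(kid)
    if key is None:
        raise ValueError("unknown signing key")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):   # constant-time comparison
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    return claims

def outcome(token, trusted_keys, revoked, now=1000) -> str:
    try:
        return "accepted for " + verify_token(token, trusted_keys, revoked, now)["sub"]
    except ValueError as err:
        return "rejected: " + str(err)

if __name__ == "__main__":
    keys = {"k1": b"constructed-demo-key"}   # constructed sample key, not a real one
    tok = sign_token("k1", keys["k1"], {"sub": "alice@example.com", "exp": 2000})
    other = sign_token("k1", b"some-other-key", {"sub": "alice@example.com", "exp": 2000})
    print(outcome(tok, keys, set()))      # signed with the trusted key
    print(outcome(other, keys, set()))    # claims key id k1 but signed with another key
    print(outcome(tok, keys, {"k1"}))     # same token after key id k1 is revoked
```

    The verifier cannot tell who produced a signature, only which key produced it, which is why the secrecy of the signing key and the ability to revoke it matter.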