Microsoft explains that Chinese hackers leveraged a stolen signing key from a Windows crash dump to compromise US government accounts

When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The hackers used the key to compromise Exchange Online and Azure Active Directory accounts belonging to multiple organizations.

This is consistent with our standard debugging processes.

Our credential scanning methods did not detect its presence (this issue has been corrected).

Notably, the crash dump was transitioned from the company’s production internet to its internet-connected corporate debugging environment.

Analysis: What was the breach’s severity?

The researcher indicated that the breach provided the attackers with access to Microsoft cloud services.

Not forgetting apps that support Microsoft Account authentication.

However, Microsoft has refuted the claims that the key could only be leveraged on apps accepting personal accounts.

Likewise, this also blocked the generation of new access tokens.

Finally, the company moved recently generated access tokens to the key store used in its enterprise systems.

This is the ultimate cyber intelligence' shape shifter' superpower.