TLDR:
- Storm-0558, a cyberespionage group affiliated with China, compromised Microsoft Exchange mailboxes of 22 organizations and over 500 individuals.
- They used a key held by Microsoft in 2016 to gain unauthorized access, resulting in the theft of over 60,000 emails from the State Department.

Storm-0558 exploited a flaw in Microsoft’s authentication system that allowed them to forge tokens for accessing Exchange Online accounts. Microsoft failed to rotate keys efficiently, leading to the breach. The breach also affected U.S. government agencies.
These findings highlight the importance of key rotation and robust authentication measures to prevent cyberattacks and data breaches.
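The key-rotation point can be made concrete with a token verifier that rejects a correctly signed token when its signing key is no longer in service. This is an added example, not Microsoft's code: the key ids, secrets, dates and token layout are constructed, and HMAC stands in for the real signature scheme.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc).timestamp()

# Constructed registry: kid -> (secret, valid_from, retire_at) as Unix times.
# HMAC stands in for the issuer's real signature scheme (stdlib only).
KEYS = {
    "k-2016": (b"old-signing-secret", utc(2016, 4, 1), utc(2017, 4, 1)),
    "k-2023": (b"current-signing-secret", utc(2023, 1, 1), utc(2024, 1, 1)),
}

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac_for(secret, signed_part):
    return hmac.new(secret, signed_part.encode(), hashlib.sha256).digest()

def sign(kid, claims):
    """Issue 'header.payload.mac' under the named key."""
    signed_part = (b64e(json.dumps({"kid": kid}).encode()) + "."
                   + b64e(json.dumps(claims).encode()))
    return signed_part + "." + b64e(mac_for(KEYS[kid][0], signed_part))

def verify(token, now):
    """Return (accepted, reason); `now` is a Unix timestamp."""
    try:
        header, payload, mac = token.split(".")
        kid = json.loads(b64d(header))["kid"]
        iat = float(json.loads(b64d(payload))["iat"])
        mac = b64d(mac)
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if not isinstance(kid, str) or kid not in KEYS:
        return False, "unknown-key"
    secret, valid_from, retire_at = KEYS[kid]
    if not hmac.compare_digest(mac, mac_for(secret, header + "." + payload)):
        return False, "bad-signature"
    # A good signature is not enough: the key must be in service *now*.
    # iat is attacker-controlled once a key leaks, so the clock check decides.
    if not (valid_from <= now < retire_at and valid_from <= iat < retire_at):
        return False, "key-retired"
    return True, "ok"
```

A verifier that stops at the signature check would accept the token signed with the retired key; the service-window check is what turns rotation policy into an enforced control.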