Microsoft flaw triggers major breach in Exchange Server hack rotation

1 min read


  • Storm-0558, a cyberespionage group affiliated with China, compromised Microsoft Exchange mailboxes of 22 organizations and over 500 individuals.
  • They used a key held by Microsoft in 2016 to gain unauthorized access, resulting in the theft of over 60,000 emails from the State Department.

Storm-0558 exploited a flaw in Microsoft’s authentication system, allowing them to forge tokens for accessing Exchange online accounts. Microsoft failed to rotate keys efficiently, leading to the breach. The impact also affected U.S. government agencies.

These findings highlight the importance of key rotation and robust authentication measures to prevent cyberattacks and data breaches.

Previous Story

US cyber report claims Microsoft could have stopped Chinese cloud hack

Next Story

SEC warns, CISO role faces disruption amidst charges

Latest from News