  • Microsoft's stolen crypto key is the golden ticket for Chinese spies

    Hackers gained access to the email accounts of high-ranking US officials and stole a large amount of confidential data.

    A hacker group with ties to Beijing recently gained access to Outlook and Exchange Online mailboxes, as well as other Microsoft cloud services. The attackers did this by forging access tokens and impersonating corporate employees using a stolen cryptographic key.

    Using the forged tokens, the hackers gained access to the email accounts of high-ranking US officials, including Secretary of Commerce Gina Raimondo, US Under Secretary of State for East Asian Affairs Daniel Kritenbrink, and US Ambassador to China Nicholas Burns.

    The breach was discovered by a US federal agency, which alerted Microsoft. Microsoft did not specify how the digital bandits obtained this cryptographic key. The corporation revoked this key shortly after the attack was discovered.

    According to Shir Tamari, Wiz's head of research, this key was far more powerful than it appears at first glance. The researcher's words can be trusted because Wiz was founded by former Microsoft cloud security engineers who understand how the internal "kitchen" is set up.

    The stolen key, according to the Wiz report, could be used to access a variety of Azure Active Directory (AAD) applications, including Microsoft applications that use OpenID v2.0 tokens for authentication, such as Outlook, SharePoint, OneDrive, and Teams.

    Furthermore, the key may also have worked against Microsoft customer applications that support the "Sign in with Microsoft" feature, as well as multi-tenant applications that have been configured to use the shared ("common") v2.0 endpoint rather than an organizational one.

    Microsoft, on the other hand, denies Wiz's findings and encourages customers to visit the company's own blogs, specifically the Microsoft Threat Intelligence blog, to learn more about the incident and validate their environments against published Indicators of Compromise (IoC).

    Microsoft made the attack public on July 11. In a July 14 update, the corporation stated that the hackers used forged access tokens to penetrate government email accounts for the purpose of espionage.

    According to the Wiz security team, the Chinese group appears to have obtained one of several keys used to validate AAD access tokens, allowing them to sign, as Microsoft, any OpenID v2.0 access token for personal accounts and for multi-tenant and personal-account AAD applications.

    Although Microsoft has revoked the compromised key, which means it can no longer be used to forge tokens or access AAD applications, there is a chance that attackers used this access during previously established sessions to deploy backdoors or otherwise establish persistence on compromised systems.

    Furthermore, applications that rely on local certificate stores or cached keys may continue to trust the compromised key after its revocation, leaving them vulnerable to forged tokens. As a result, both Wiz and Microsoft strongly advise refreshing these stores and caches at least once per day.
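
    The exposure window described above, as an added Python example (not code from Microsoft, Wiz or the original article): a signing-key cache that replaces its whole key set on refresh, so a key the issuer has stopped publishing is dropped after at most `max_age` seconds. The `fetch_jwks` callable, the key IDs and the token are constructed for illustration, and a real validator must still verify the token signature with the returned key.

```python
import base64
import json
import time


def jwt_kid(token):
    """Return the 'kid' from a JWT header without verifying the token."""
    header_b64 = token.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded)).get("kid")


class SigningKeyCache:
    """Caches an issuer's published signing keys, re-fetching after max_age seconds."""

    def __init__(self, fetch_jwks, max_age=86400, clock=time.time):
        self._fetch, self._max_age, self._clock = fetch_jwks, max_age, clock
        self._keys, self._fetched_at = {}, None

    def _refresh(self):
        # Replace the whole set: a key the issuer no longer publishes is dropped.
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._fetched_at = self._clock()

    def key_for(self, token):
        """Return the trusted key for the token's kid, or None if it is not trusted."""
        if self._fetched_at is None or self._clock() - self._fetched_at >= self._max_age:
            self._refresh()
        return self._keys.get(jwt_kid(token))


def make_token(kid):
    # Constructed, unsigned sample token of the form header.payload.signature
    parts = [{"alg": "RS256", "kid": kid}, {"sub": "user"}]
    enc = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode() for p in parts]
    return ".".join(enc + ["sig"])


def demo():
    published = {"keys": [{"kid": "key-A"}, {"kid": "key-REVOKED"}]}  # constructed key set
    now = [0.0]  # fake clock, in seconds
    cache = SigningKeyCache(lambda: published, max_age=86400, clock=lambda: now[0])
    token = make_token("key-REVOKED")
    before = cache.key_for(token) is not None  # key is still published
    published["keys"] = [{"kid": "key-A"}]     # issuer revokes the key
    now[0] = 3600
    stale = cache.key_for(token) is not None   # cache not refreshed yet: still trusted
    now[0] = 86400
    after = cache.key_for(token) is not None   # daily refresh dropped the key
    return before, stale, after
```

    Between revocation and the next refresh the cache still trusts the revoked key, which is why the refresh interval bounds the exposure.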

    Author DeepWeb