Microsoft hack exposing government emails could have accessed other types of files: researchers


The suspected Chinese-backed hack of U.S. government emails on Microsoft servers could be more damaging than previously thought, cybersecurity researchers said.

Microsoft announced this month that Chinese-backed hackers had accessed the email accounts of multiple government employees, putting information at risk. The U.S. government said that no classified information was disclosed in the cyberattack.

However, researchers at the cloud security firm Wiz claim that the method the hackers used to access emails — forged encryption keys — may also be used to access Microsoft Teams information, OneDrive files and other apps that have Microsoft logins.

“Identity provider’s signing keys are probably the most powerful secrets in the modern world,” Wiz Head of Research Shir Tamari said.

“With identity provider keys, one can gain immediate single hop access to everything, any email box, file service or cloud account.”

The researchers used internet archives to determine that the key used by the hackers was one of a small group of public keys used to verify logins, meaning that the hackers could effectively use the forged key to log in to any account they wanted.

“The full impact of this incident is much larger than we initially understood it to be. We believe this event will have long-lasting implications on our trust of the cloud and the core components that support it, above all, the identity layer which is the basic fabric of everything we do in cloud,” Tamari said.

“At this stage, it is hard to determine the full extent of the incident as there were millions of applications that were potentially vulnerable, both Microsoft apps and customer apps, and the majority of them lack the sufficient logs to determine if they were compromised or not,” he added.

The compromised public key has since been removed, meaning accounts are no longer vulnerable.

Microsoft downplayed the possibility of the attack going beyond emails.

“Many of the claims made in this blog…
