Microsoft said in June that a China-backed hacking group had stolen a cryptographic key from the company's systems. This key allowed the attackers to access cloud-based Outlook email systems for 25 organizations, including multiple US government agencies. At the time of the disclosure, however, Microsoft did not explain how the hackers were able to compromise such a sensitive and highly guarded key, or how they were able to use the key to move between consumer- and enterprise-tier systems. But a new postmortem published by the company on Wednesday explains a chain of slipups and oversights that allowed the improbable attack. Such cryptographic keys are significant in cloud infrastructure because they are used to generate authentication 'tokens' that prove a user's identity for accessing data and services. Microsoft says it stores these sensitive keys in an isolated and strictly access-controlled 'production environment.' But during a particular system crash in April 2021, the key in...
learn more
Ratings & Reviews
Entrepreneur & Investor
YOU MIGHT ALSO LIKE