Hacked Microsoft Keys Let Attackers Access a Wide Range of Azure Applications

From gbhackers.com

The China-linked threat actors who stole emails from the US State Department and other Microsoft customers may have acquired access to apps other than Exchange Online and Outlook.com.

According to Wiz researchers, the compromised signing key was more potent than it first appeared to be and was not restricted to just those two services.

The threat actor may have been able to forge access tokens for a variety of Azure Active Directory applications, including any that support personal account authentication, such as SharePoint, Teams, or OneDrive, as well as customer applications that support the “login with Microsoft” feature and multi-tenant applications under specific circumstances.

Organizations are advised to look for instances of forged token usage on any potentially compromised apps.
