Microsoft lost its keys, and the government got hacked

News Summary

  • Microsoft said it initially thought the hackers were forging authentication tokens using an acquired enterprise signing key, a type of key used to secure corporate and enterprise email accounts.
  • Though it’s unclear how Microsoft lost control of its own keys, the company said it’s hardened its key issuance systems, presumably to prevent hackers from churning out another digital skeleton key. The hackers made one key mistake.
  • U.S. cybersecurity agency CISA said the hacks, which began in mid-May, included a small number of government accounts, said to be in the single digits, and that the hackers exfiltrated some unclassified email data.
  • Microsoft said this was because of a “validation error in Microsoft code.” Microsoft said it has blocked “all actor activity” related to this incident, suggesting that the incident is over and that the hackers lost access.
  • Whether or not Microsoft has the answers ready, it’s not likely to be an investigation the technology giant can shake any time soon.
  • Microsoft is also taking heat for reserving security logs, which may have helped other incident responders identify malicious activity, for government accounts with the company’s top-tier package. CNN first reported that the State Department initially detected the breach and reported it to Microsoft.
Microsoft still doesn’t know or want to share how China-backed hackers stole a key that allowed them to stealthily break into dozens of email inboxes, including those belonging to several federal gov…