Microsoft has issued a detailed explanation of how Chinese hackers infiltrated US government emails, attributing the incident to a stolen crash dump from a hacked engineer’s corporate account. The crash dump, which dated back to April 2021, contained a Microsoft account (MSA) consumer key, which was used to forge tokens to break into OWA and Outlook.com accounts. Microsoft said a race condition allowed the key to be present in the crash dump, and this issue has been corrected. Microsoft also acknowledged that its internal systems failed to detect sensitive secrets leaking from crash dumps, a failure that has since been rectified.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.