Microsoft has issued a detailed explanation of how Chinese hackers infiltrated US government emails, attributing the incident to a crash dump stolen from a hacked engineer’s corporate account. The crash dump, dating back to April 2021, contained a Microsoft account (MSA) consumer key that was used to forge tokens to break into OWA and Outlook.com accounts. Microsoft said a race condition allowed the key to be present in the crash dump, and that this issue has been corrected. Microsoft also acknowledged that its internal systems failed to detect sensitive secrets leaking from crash dumps, a failure that has since been rectified.

Read more: https://www.securityweek.com/crash-dump-error-how-a-chinese-espionage-group-exploited-microsofts-errors/