Results of Major Technical Investigations for Storm-0558 Key Acquisition

Has anyone here been using outlook.com? All your emails may be in the hands of a Chinese threat actor now.

https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

Thank you, Microsoft, for finally shedding some light upon the Storm-0558 Key Acquisition, but holy cow, what a series of vulnerabilities and flaws allowed this breach to happen. A compromised engineer's corporate account, exposed signing keys in crash dumps, inaccurate key validation in the mail system - a number of serious deficiencies were revealed in this article.

Whether the threat actor had a lucky day or knew something beforehand remains a mystery, but it doesn't really matter anymore.

I really want to share my thoughts on this:

- It's remarkable we didn't read more about this incident in the mainstream news

- As the skill and resources of those adversaries grow, there should be better controls in place

- There is no reason to believe that the probability of another breach of this scale is going to decrease

- We should always question the amount of trust we put in a single vendor

- Data sovereignty pays off
