09-12-2023, 06:41 AM
Quote:The hack occurred in June, but the company just completed an internal investigation that pointed the finger at its own sloppy security practices.
Bloomberg reports that Microsoft has disclosed that China-linked hackers compromised the corporate account of one of its engineers, then used this unauthorized access to steal a digital key in order to forge authentication tokens. These tokens granted them access to email accounts on Microsoft’s cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon, and State Department officials.
...
“[Back in June], U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” said Adam Hodge, spokesman for the White House National Security Council. He added, “We continue to hold the procurement providers of the U.S. government to a high security threshold.”
The incident has underscored the growing concerns among senior Western intelligence officials about the ability of Chinese hackers to orchestrate stealthy attacks that can evade detection for years.
China, however, has consistently denied hacking U.S. organizations and has accused the U.S. and its allies of targeting Chinese networks. The Chinese embassy in Washington did not respond to requests for comment on the incident.
The U.S. Cybersecurity and Infrastructure Security Agency and Microsoft had initially disclosed the breach in June. However, the exact mechanism by which the hackers were able to steal the key remained unclear until now. Microsoft stated in a blog post that the key was stored improperly in “crash dump” data after a computer or application unexpectedly crashed. This dump was then moved to Microsoft’s production environment where it could be accessed by a compromised account belonging to a Microsoft employee.
Adding to the complexity of the situation, Microsoft admitted that it did not have complete confidence in its assessment of how the key was stolen.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE