
Background information
Why the Microsoft hack is more problematic than originally thought
by Florian Bodoky
After the master key fiasco, Microsoft is helping Azure users find out whether their services were affected by the hack.
There was a huge outcry when it became known that several US government agencies had been hacked in the summer. For around a month, cyber criminals gained unauthorised access to emails, such as those from the US State Department. The group behind this was Storm-0558, which is believed to have originated in China.
As the security company Wiz discovered, the email hack was only the tip of the iceberg. In fact, all companies that use Microsoft's cloud service "Azure Active Directory" (AAD) are potentially at risk. The hacking group obtained a master key and used it to sign security tokens it had forged itself, so that the tokens passed validation. This allowed them to access any AAD-based service worldwide.
Microsoft's inadequate, sometimes non-transparent communication following this incident caused additional displeasure. Little has changed so far. However, Microsoft is now providing assistance: the company has published a playbook for potential AAD hack victims. In it, Microsoft describes how a company should proceed to determine whether its own infrastructure is affected by a "token theft" - i.e. whether there are compromised access points or any backdoors in its AAD.
There are also instructions on how security tools such as "MS Sentinel" can be configured so that security-relevant logs can be viewed there in future. This playbook can be found here. To illustrate the process, Microsoft has also designed a process diagram - the complete document is available as a ZIP file here.
Cover image: Shutterstock

I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.