The quote in the article about what happened seems muddled. But even going to the original source [0], I don't think I understand what happened. Some of it might be because of terminology differences, some because this seems to be written mainly for ass-covering. Does anyone know any more details?

> They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key

Is this saying that the attackers got Microsoft's cookie signing private key? I don't know how else to interpret it, but "acquiring" sure ain't the language you use for that level of breach. And *how* was the key "acquired"? From a security vulnerability in their production systems? Breach of their corp network?

> The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.

So not only did they leak the private key, but their validation code was also broken and checked the signatures against the wrong key? How does that even happen?

[0] https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
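The "checked the signatures against the wrong key" failure mode the comment above asks about, as an added, constructed example (not Microsoft's code, and not a claim about how Microsoft's validator actually failed): a verifier that picks the signing key by `kid` from a pool merging every trusted issuer's keys lets a key published for one issuer validate a token that claims another issuer, while a verifier that scopes key lookup to the expected issuer rejects it. Key sets, issuer URLs and the HS256 construction are all assumptions made for the demonstration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed key sets (not Microsoft's): each signing key belongs to exactly one issuer.
KEY_SETS = {
    "https://consumer.example/": {"consumer-kid-1": b"consumer-signing-secret"},
    "https://enterprise.example/": {"enterprise-kid-1": b"enterprise-signing-secret"},
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(kid: str, key: bytes, claims: dict) -> str:
    """Build an HS256 compact token (header.payload.signature) carrying key id `kid`."""
    header = _b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def _claims_if_signed_by(token: str, key: bytes) -> Optional[dict]:
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        return None
    return json.loads(_unb64url(payload))

def verify_unscoped(token: str, expected_iss: str) -> Optional[dict]:
    """Flawed: look the kid up in a pool merging every trusted issuer's keys, so a key
    published for one issuer can vouch for a token that claims a different issuer."""
    kid = json.loads(_unb64url(token.split(".")[0]))["kid"]
    pool = {k: v for keys in KEY_SETS.values() for k, v in keys.items()}
    claims = _claims_if_signed_by(token, pool[kid]) if kid in pool else None
    return claims if claims and claims.get("iss") == expected_iss else None

def verify_scoped(token: str, expected_iss: str) -> Optional[dict]:
    """Hardened: only keys published for `expected_iss` may validate its tokens."""
    kid = json.loads(_unb64url(token.split(".")[0]))["kid"]
    key = KEY_SETS.get(expected_iss, {}).get(kid)
    claims = _claims_if_signed_by(token, key) if key else None
    return claims if claims and claims.get("iss") == expected_iss else None
```

The `iss` claim check alone does not help in the unscoped verifier: the claim is attacker-controlled, so the key set itself has to be bound to the issuer.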
I'm astonished that Chinese cyberattacks don't warrant some kind of shutdown between the Chinese internet and the rest of the world (or NATO anyway).

Devastating to commerce? Sure! For a day or so. Then the Chinese cyberattacks would cease and we could go back to normal.

How could you tell? Well, there are countless websites that purport to graph such things in real time. Ask one of them to monitor the situation. It goes above a trivial threshold - the pipe is shut off for a day.

But that's just a naive citizen, wondering why government is so screwed up that it allows constant unrelenting financial attacks against its people without repercussions.