Results of technical investigations for Storm-0558 key acquisition

On July 11, 2023, Microsoft addressed a security breach in a blog post. The threat actor Storm-0558 used a acquired Microsoft account to gain unauthorized access to OWA and Microsoft conducted a thorough investigation into the acquisition of the account and has released its findings. The company has strict controls in place to protect its production environment, but the incident occurred due to a crash dump that contained sensitive key material. The dump was moved to a debugging environment on the corporate network, where the threat actor was able to access it and compromise a Microsoft engineer’s account. Microsoft has since made improvements to prevent similar incidents in the future. The blog post provides further details and explains the steps taken to address the issue.

To top