Storm-0558 Breach: Microsoft Breach Risks Millions of Azure AD Apps

The Storm-0558 breach, which enabled the China-based advanced persistent threat (APT) group to access the email of at least 25 US agencies, appears to be more serious than anticipated, since it may put Microsoft cloud services at significantly greater risk than first predicted.

However, it will take weeks, if not months, to identify the full extent of the compromise, since many firms lack sufficient authentication logging.

Reportedly, the attackers gained access to Microsoft 365 enterprise email accounts, and the potentially sensitive information they contained, by using a stolen Microsoft account (MSA) key to forge authentication tokens that impersonated authorized Azure Active Directory (AD) users.

There is also speculation that the stolen MSA key could have allowed the threat actors to forge access tokens for “multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive, customers’ applications that support the ‘login with Microsoft’ functionality, and multitenant applications in certain conditions,” according to research by Wiz published on July 21.

Shir Tamari, head of research at Wiz, further notes that the APT may have had “immediate single hop access to everything, any email box, file service or cloud account.”
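One defensive check relevant to the forged-token risk described above is how a relying application scopes its trusted signing keys. The following is an added example, not code from the article, from Wiz or from Microsoft; it models the check in Python with constructed HMAC keys and hypothetical issuer URLs standing in for real RSA-signed tokens and per-issuer JWKS endpoints. A lax validator that pools keys from every trusted issuer accepts a token signed with the consumer (MSA) key but claiming an enterprise issuer, while a strict validator that resolves `kid` only within the claimed issuer's key set rejects it.

```python
import base64
import hashlib
import hmac
import json

# Constructed per-issuer key sets (hypothetical issuer URLs, HMAC in place of RSA
# so the example runs offline). Only the key-scoping logic is the point.
ISSUER_KEYS = {
    "https://login.microsoftonline.com/contoso-tenant/v2.0": {  # enterprise (AAD) issuer
        "aad-key-1": b"aad-tenant-signing-secret",
    },
    "https://login.live.com": {  # consumer (MSA) issuer
        "msa-key-1": b"msa-consumer-signing-secret",
    },
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(header: dict, claims: dict, key: bytes) -> str:
    # Builds a compact JWT-style token: header.claims.signature (all base64url).
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def _signature_ok(token: str, key: bytes) -> bool:
    h, c, s = token.split(".")
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _unb64(s))

def validate_lax(token: str) -> bool:
    # Weak: merges every trusted issuer's keys into one pool and looks up kid there,
    # so a key belonging to the consumer issuer can vouch for an enterprise token.
    header = json.loads(_unb64(token.split(".")[0]))
    pool = {kid: k for keys in ISSUER_KEYS.values() for kid, k in keys.items()}
    key = pool.get(header.get("kid"))
    return key is not None and _signature_ok(token, key)

def validate_strict(token: str) -> bool:
    # Hardened: kid must resolve within the key set of the issuer the token claims;
    # a key from any other issuer is rejected even though its signature verifies.
    h, c, _ = token.split(".")
    header, claims = json.loads(_unb64(h)), json.loads(_unb64(c))
    key = ISSUER_KEYS.get(claims.get("iss"), {}).get(header.get("kid"))
    return key is not None and _signature_ok(token, key)
```

A production validator also checks `aud`, `exp` and `nbf`, and fetches each issuer's keys from that issuer's own metadata endpoint rather than from a shared cache.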

Scope of the Storm-0558 Breach

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
