At a glance.
- Microsoft releases results of investigation into cloud email compromise.
- "Multiple nation-state actors" target the aerospace sector.
- DPRK targets security researchers.
- Fancy Bear makes an attempt on Ukrainian energy infrastructure.
- "Smishing Triad" impersonates postal services.
- MinIO storage exploit reported.
- New variant of Chae$ malware described.
Microsoft releases results of investigation into cloud email compromise.
Microsoft has published the results of its investigation into how a Chinese threat actor obtained a Microsoft account (MSA) consumer signing key, which it used to forge authentication tokens and access Outlook Web Access (OWA) and Outlook.com mailboxes. Redmond's investigators found that the threat actor (tracked as "Storm-0558") compromised a Microsoft engineer's corporate account, which had access to the debugging environment holding the crash dump that contained the key. The company said, "Due to log retention policies, we don't have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key." Storm-0558 is a Chinese cyberespionage actor. Using the forged tokens, it compromised cloud-based Outlook email systems used by at least twenty-five organizations, including several US Government agencies, the State Department among them.