Date: 2023-07-21

Microsoft said the attacks were part of an espionage campaign and attributed it to a hacking group called Storm-0558. (Image: Unsplash)

Chinese hackers obtained digital signing keys from Microsoft's servers, which allowed them to forge authorization for email inboxes belonging to US government agencies.

The compromised inboxes were used by US Commerce Secretary Gina Raimondo, US State Department officials and other organizations not yet named.

As reported by The Wall Street Journal, Microsoft said the attacks were part of an espionage campaign and attributed it to a hacking group called Storm-0558, which Microsoft says is bankrolled by Chinese agencies.

The latest reports say that Daniel Kritenbrink, the assistant secretary of state for East Asia, was also targeted by the attacks.

How did the hacker gain access to classified emails?

In a blog post published earlier this month, Microsoft said that Storm-0558 "forged authentication tokens" to gain access to inboxes at 25 different organizations, including linked accounts in the cloud.

An authentication token or security token is used to securely transmit user information to the inbox servers. These are used to verify identities in applications, services and websites.

In this case, the authentication tokens were signed with a digital signing key, and a service checking a token relies on that signature to verify it. The hacking group managed to acquire "an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com".
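The validation checks at issue here, as an added example (not code from Microsoft or from the original article): a verifier that rejects a token whose signing key is inactive or was issued for a different scope than the service, even when the signature itself is valid. The key ids, secrets and `scope` claim are constructed, and HMAC-SHA256 stands in for the asymmetric signatures real identity providers use.

```python
import base64, hashlib, hmac, json

# Constructed key registry (hypothetical ids and secrets, not real values).
KEYS = {
    "consumer-old": {"secret": b"c-old", "scope": "consumer", "active": False},
    "consumer-new": {"secret": b"c-new", "scope": "consumer", "active": True},
    "enterprise-1": {"secret": b"e-1", "scope": "enterprise", "active": True},
}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac_for(secret: bytes, head: str, body: str) -> bytes:
    # HMAC-SHA256 is a stand-in for the issuer's real signature scheme.
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(kid: str, claims: dict) -> str:
    """Issue a compact token: header.payload.signature."""
    head = b64(json.dumps({"kid": kid}).encode())
    body = b64(json.dumps(claims).encode())
    return f"{head}.{body}.{b64(mac_for(KEYS[kid]['secret'], head, body))}"

def verify(token: str, expected_scope: str) -> tuple:
    """Accept only tokens signed by an active key issued for this scope."""
    try:
        head, body, sig = token.split(".")
        kid = json.loads(unb64(head))["kid"]
        scope = json.loads(unb64(body))["scope"]
        raw_sig = unb64(sig)
        key = KEYS.get(kid)
    except (ValueError, KeyError, TypeError):
        return False, "malformed token"
    if key is None:
        return False, "unknown key"
    if not key["active"]:
        return False, "key is inactive"          # retired keys sign nothing
    if key["scope"] != expected_scope or scope != expected_scope:
        return False, "scope mismatch"           # consumer key, enterprise token
    if not hmac.compare_digest(mac_for(key["secret"], head, body), raw_sig):
        return False, "bad signature"
    return True, "ok"
```

The inactive-key and scope checks run before the signature check on purpose: a token signed with a retired or out-of-scope key carries a mathematically valid signature, so signature verification alone would accept it.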

Reportedly, the breach has put the Redmond technology giant under scrutiny, with agencies demanding that the company make its digital audit logs available to the public for free.

Microsoft says that it has already invalidated any MSA keys that were active prior to the incident. The company said that it is investigating the incident and has made improvements to "disrupt the mechanisms we believe the actor could have used to acquire MSA signing keys".