Information on the Microsoft Master Key Incident
On 11 July 2023, Microsoft published a report in which the company confirmed that there had been attempts by Chinese actors to hack customer email accounts. However, the company only provided limited information on the scope of the security incident.
According to current findings, the hackers had extensive access to large amounts of data within Microsoft’s cloud services for several weeks. This involved services such as Outlook, SharePoint, Office 365, Teams, OneDrive, and also third-party applications that use the “Sign in with Microsoft” function.
To date, Microsoft has not provided any detailed information about the incident or the associated consequences. It is known that the hackers, presumably from China and identified by Microsoft as Storm-0558, were able to obtain a privileged key (master key). With it, they had the ability to read third-party emails, among other things.
Within the Azure cloud, Microsoft acts as an identity provider and stores all user information in the Azure Active Directory (AAD). During the login process, AAD checks the password and, if necessary, additional security factors such as TOTP verification codes. If authentication is successful, the requesting application receives a token digitally signed by Microsoft, which authorises it to perform actions on behalf of the user, for example to retrieve emails.
The hackers were apparently able to obtain a key that was authorised to sign these tokens. With these tokens, they had access to email accounts that were stored in the Microsoft cloud, particularly from various European government agencies, for a long period without being noticed.
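The sign-and-verify flow described in the two paragraphs above, as an added example that is not part of the original article and not Microsoft's implementation. HMAC-SHA256 stands in for the identity provider's asymmetric signature, and the key id `k1`, the `jti` issuance log and all sample values are assumptions constructed for illustration. It shows that an application accepts any token signed with a trusted key, that an issuance record separates tokens that came from a login from those that did not, and that withdrawing trust in the key ends acceptance.

```python
import base64, hashlib, hmac, json

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, body: str) -> bytes:
    # HMAC-SHA256 stands in for the identity provider's asymmetric signature.
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

def sign_token(claims: dict, kid: str, key: bytes) -> str:
    """Identity-provider side: build header.payload.signature."""
    head = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = head + "." + _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(_mac(key, body))

def verify_token(token: str, trusted: dict, audience: str, now: int):
    """Application side: return the claims, or None if the token is rejected."""
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        head, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(claims_b64))
        key = trusted[head["kid"]] if head["alg"] == "HS256" else None
        sig = _unb64(sig_b64)
    except (ValueError, KeyError, TypeError):
        return None  # malformed token, or signed with a key that is not trusted
    if key is None or not hmac.compare_digest(sig, _mac(key, f"{head_b64}.{claims_b64}")):
        return None  # signature does not match
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now or claims.get("aud") != audience:
        return None  # expired or meant for another application
    return claims

def demo() -> dict:
    key, now = b"constructed-demo-key", 1_700_000_000  # constructed sample values
    trusted, issued_log = {"k1": key}, set()
    def login(user: str) -> str:  # password/TOTP check assumed to have passed
        claims = {"sub": user, "aud": "mail", "exp": now + 3600, "jti": f"id-{user}"}
        issued_log.add(claims["jti"])
        return sign_token(claims, "k1", key)
    regular = verify_token(login("alice"), trusted, "mail", now)
    # Same key, but not produced by login(): valid signature, no issuance record.
    stray = sign_token({"sub": "bob", "aud": "mail", "exp": now + 3600, "jti": "id-x"}, "k1", key)
    unlogged = verify_token(stray, trusted, "mail", now)
    out = {"regular_logged": regular["jti"] in issued_log,
           "unlogged_logged": unlogged["jti"] in issued_log}
    trusted.pop("k1")  # withdraw trust in the key
    out["accepted_after_withdrawal"] = verify_token(stray, trusted, "mail", now) is not None
    return out
```

Both tokens pass signature verification in `demo()`; only the comparison against the issuance log and the withdrawal of the key distinguish them.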
During the investigation of the security incident, Microsoft found that European government agencies and some private accounts, presumably in the same context, were compromised. According to Microsoft, all affected customers have now been informed.
The general recommendation for potentially impacted organisations is to carefully check their inbox for official communications from Microsoft regarding the incident to ensure that no relevant communications have been overlooked. In addition, it is advisable to regularly consult the specialist media and publications of the BSI in order to obtain up-to-date information regarding the “master key incident”. Apart from these measures, no further urgent technical or organisational actions or notifications to third parties seem to be necessary at present, since the data protection authorities have already been informed. However, binding statements on the required actions of individual organisations can naturally only be made by the organisation’s responsible data protection officer or information security officer.
The Finlex Cyber Ecosystem offers all-round support that spans several core areas. This starts with the “smart risk assessment”, the identification and assessment of risks. This is followed by core area two, “smart protection”, which is focused on the placement of high-quality and competitive insurance solutions as well as the ongoing support and continuous monitoring of IT security. Core area three, “smarter claims support”, i.e. support in the event of a claim, rounds off the ecosystem.