Type
Incident
Actors
Storm-0558
Pub. date
April 2, 2024
Initial access
Unknown
Impact
Data exfiltration
Observed techniques
Credential theft
References
https://www.cisa.gov/resources-tools/resources/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer-2023
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM
In April 2020, Microsoft acquired Affirmed Networks. Sometime prior to that, Storm-0558 likely gained access to a device used by one of the company’s engineer, and retained that access following the acquisition, which allowed the threat actor to move laterally into Microsoft’s corporate environment. This may have eventually led to the Microsoft signing key compromise.