Cloud Threat Landscape

Last Updated: April 3, 2025

Affirmed Networks breach

Type: Incident
Actors: Storm-0558
Pub. date: April 2, 2024
Initial access: Unknown
Impact: Data exfiltration
Observed techniques: Credential theft
References: https://www.cisa.gov/resources-tools/resources/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer-2023
Status: Finalized
Last edited: Jun 2, 2024 8:02 AM

In April 2020, Microsoft acquired Affirmed Networks. Sometime prior to that, Storm-0558 likely gained access to a device used by one of the company’s engineers and retained that access following the acquisition, which allowed the threat actor to move laterally into Microsoft’s corporate environment. This may have eventually led to the Microsoft signing key compromise.