Savage. Basically Microsoft has no evidence to verify its theory of the attack.
> Microsoft learned that, in 2021, Storm-0558 had accessed a variety of documents stored in SharePoint and assessed that the threat actor was specifically looking for information on Azure service management and identity-related information. Despite Microsoft’s pursuit of the 46 key-theft hypotheses, the Board assesses that Microsoft does not know how Storm-0558 obtained the 2016 MSA key. Microsoft stated in a September 6, 2023 blog post that the most probable way Storm-0558 had obtained the key was from a crash dump to which it had access during the 2021 compromise of Microsoft’s systems. However, Microsoft had only theorized that such a scenario was technically feasible in the 2016 timeframe. While Microsoft updated this blog on March 12, 2024 to correct its assessment of these theories, it has not determined that this is how Storm-0558 obtained the key.
Taggart :donor: /
npub14x…wcfzw
2024-04-03 13:08:25
in reply to nevent1q…qs7y
Author Public Key
npub14xx8pgqrkzr5wg8afzflp2724gjyvyxurhrfyk9739fu892p2evqhwcfzwSeen on
wss://relay.primal.netPublished at
2024-04-03 13:08:25Event JSON
{
"id": "b34a9dde758153e22e900620ec97f00b079a2390952d7747467ea3883bf1b322",
"pubkey": "a98c70a003b0874720fd4893f0abcaaa244610dc1dc69258be8953c395415658",
"created_at": 1712149705,
"kind": 1,
"tags": [
[
"p",
"a98c70a003b0874720fd4893f0abcaaa244610dc1dc69258be8953c395415658"
],
[
"e",
"7b648b34ad8e28e2c8096a4c1d1d9c1314d51017413ad6c17bbdc2aa2f8f2dfb",
"",
"root"
],
[
"proxy",
"https://infosec.town/notes/9rne1h73d4mr0j5m",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.town/notes/9rne1h73d4mr0j5m",
"pink.momostr"
]
],
"content": "Savage. Basically Microsoft has no evidence to verify its theory of the attack.\n\n\u003e Microsoft learned that, in 2021, Storm-0558 had accessed a variety of documents stored in SharePoint and assessed that the threat actor was specifically looking for information on Azure service management and identity-related information. Despite Microsoft’s pursuit of the 46 key-theft hypotheses, the Board assesses that Microsoft does not know how Storm-0558 obtained the 2016 MSA key. Microsoft stated in a September 6, 2023 blog post that the most probable way Storm-0558 had obtained the key was from a crash dump to which it had access during the 2021 compromise of Microsoft’s systems. However, Microsoft had only theorized that such a scenario was technically feasible in the 2016 timeframe. While Microsoft updated this blog on March 12, 2024 to correct its assessment of these theories, it has not determined that this is how Storm-0558 obtained the key.",
"sig": "6d7d0f54b237486e669243469e643c6d932b3e47d3bf2349ac988ed88fc841e4f855bcd35dfab5ebcd7b4d95c1401bd0a7b128c5ababbb116684195b64f915da"
}