Theft of Microsoft’s email signing key: Hackers are on a “signing spree”
In a recent blog post[1], Microsoft revealed how hackers stole an email signing key that the company uses to secure consumer email accounts like Outlook.com. The hackers used this digital skeleton key to break into both the personal and enterprise email accounts of government officials hosted by Microsoft, including U.S. Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns.
The hack is seen as a targeted espionage campaign aimed at snooping on the unclassified emails of U.S. government officials and diplomats. It is also the latest example of the growing threat of Chinese cyberattacks against the United States.
Microsoft explained that[2] the hackers were able to steal the email signing key by exploiting a vulnerability in the company’s email server software. The vulnerability allowed the hackers to gain access to the server and steal the key.
Once the hackers had the key, they were able to forge digital signatures that made it appear as if their emails were coming from legitimate Microsoft servers. This allowed them to send phishing emails to government officials that looked like they were from Microsoft. When the officials clicked on the links in the emails, they were taken to fake Microsoft login pages where their credentials were stolen.
Microsoft has since patched the vulnerability in its email server software and has taken steps to mitigate the damage from the hack. However, the incident is a reminder of the importance of cybersecurity and the need to be vigilant against cyberattacks.
Here are some tips to help protect yourself from cyberattacks:
- Use strong passwords and enable two-factor authentication on all of your online accounts.
- Be careful about what links you click on and what attachments you open in emails.
- Keep your software up to date, including your operating system, web browser, and security software.
- Be aware of common phishing scams and how to identify them.
- If you think that your email account may have been compromised, you should change your password immediately and contact your email provider for assistance.
PS, if you would like to discuss your secure communications need with us, please feel free to reach out.