Home News Azure AD token forging technique in Microsoft Attack Extends

Azure AD token forging technique in Microsoft Attack Extends

Azure AD token forging technique in Microsoft Attack Extends


Latest World News: Azure AD token forging technique in Microsoft Attack Extends

Jul 21, 2023THNEmail Security / Cyberattack

Azure Active Directory

The recent attack on Microsoft’s messaging infrastructure by a Chinese nation-state actor called Storm-0558 is said to have a wider reach than previously thought.

According to cloud security firm Wiz, the inactive Microsoft Account (MSA) customer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and Outlook.com could also have allowed the adversary to forge access tokens for various types of Azure AD applications.

This understand every app that supports personal account authentication, such as OneDrive, SharePoint, and Teams; customer apps that support the “Sign in with Microsoft feature” and multi-tenant apps under certain conditions.

“Everything in Microsoft uses Azure Active Directory authentication tokens for access,” said Ami Luttwak, chief technology officer and co-founder of Wiz, in a statement. “An attacker with an AAD signing key is the most powerful attacker you can imagine, because they can access almost any application – just like any user. They are a ‘shape-shifting’ superpower.

Microsoft last week revealed that the token forging technique was exploited by Storm-0558 to extract unclassified data from victims’ mailboxes, but the exact contours of the cyber espionage campaign remain unknown.

The Windows maker said it is still investigating how the adversary managed to acquire the MSA consumer signing key. But it’s unclear whether the key functioned as some sort of master key to unlock access to data belonging to nearly two dozen organizations.

Wiz’s analysis fills in some of the gaps, with the company finding that “all Azure v2.0 personal account applications depend on a list of 8 public keysand all Azure Multitenant v2.0 applications with an activated Microsoft account depend on a list of 7 public keys.”

Azure Active Directory

He further found that Microsoft had replaced one of the public keys listed (fingerprint: “d4b4cccda9228624656bff33d8110955779632aa”) that was present. since at least 2016 between June 27, 2023 and July 5, 2023, around the same time, the company said it revoked the MSA key.

“This led us to believe that although the compromised key acquired by Storm-0558 was a private key designed for Microsoft’s MSA tenant in Azure, it was also capable of signing OpenID v2.0 tokens for multiple types of Azure Active Directory applications,” Wiz said.


Insider Threat Shield: Mastering SaaS Security Posture Management

Worried about insider threats? We have what you need! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join today

“Storm-0558 apparently managed to gain access to one of several keys intended for signing and verifying AAD access tokens. The compromised key has been approved to sign any OpenID v2.0 access token for personal accounts and mixed audience AAD applications (multi-tenant or personal account).”

This effectively means that it could theoretically allow malicious actors to forge access tokens for use by any application that depends on the Azure identity platform.

Worse, the acquired private key could have been weaponized to forge tokens to authenticate as a user of an affected application that trusts Microsoft OpenID v2.0 mixed audience and personal account certificates.

“Identity provider signing keys are probably the most powerful secrets in the modern world,” said Shir Tamari, security researcher at Wiz. “With identity provider keys, one can gain immediate access to anything, any mailbox, file service or cloud account.”

Did you find this article interesting ? follow us on Twitter And LinkedIn to read more exclusive content that we publish.


Also read this Article:

An Overview of Global Events in 2023

In 2023, the world witnessed a myriad of events that left a lasting impact on global affairs. From political developments and economic shifts to environmental challenges and breakthroughs in science and technology, the year was marked by significant changes and a sense of urgency for collective action. Here’s an overview of some of the latest world news in 2023.

Political Unrest and Diplomatic Strides:
In the political arena, several regions experienced unrest and geopolitical tensions. The ongoing conflict in the Middle East continued to dominate headlines, with efforts towards peace and stability remaining elusive. However, there were also moments of diplomatic breakthroughs as nations engaged in dialogues to ease tensions and work towards lasting solutions.


Economic Transformations:
The global economy faced both challenges and opportunities. Trade disputes between major powers affected markets, while some countries grappled with debt crises. On the other hand, emerging economies showed resilience and promising growth, fueling optimism for a more balanced global economic landscape.

Technological Advancements:
Innovation surged forward in the tech industry, with breakthroughs in artificial intelligence, renewable energy, and space exploration. Quantum computing achieved milestones, promising radical transformations across industries. Renewable energy sources gained traction, with many countries setting ambitious goals to combat climate change.

Climate Crisis and Environmental Resilience:
As the climate crisis intensified, extreme weather events wreaked havoc in various parts of the world. Wildfires, hurricanes, and floods reminded humanity of the urgent need for climate action. In response, governments and communities across the globe doubled down on efforts to reduce carbon emissions, invest in sustainable infrastructure, and protect biodiversity.


Health and Pandemic Management:
Health remained a global priority as countries continued to combat the COVID-19 pandemic. With the emergence of new variants, vaccination efforts and public health measures remained crucial to curbing the spread of the virus. There were also significant advancements in medical research and technology, offering hope for better preparedness in handling future health crises.

Sports and Cultural Milestones:
Amidst the challenges, the world found moments of joy and unity through sports and culture. International sporting events brought together athletes from diverse backgrounds, promoting solidarity and camaraderie. Cultural exchanges and celebrations showcased the richness of human diversity and fostered mutual understanding.

In conclusion, the year 2023 was a dynamic period filled with significant events that shaped the course of history. From political unrest to technological advancements and environmental challenges, the world witnessed the complexities of the global landscape. While obstacles remained, there were also encouraging developments and collaborative efforts towards a more sustainable, peaceful, and prosperous future for all nations. As we move forward, the lessons learned from these events serve as a reminder of the importance of collective action and cooperation to address shared global challenges.