The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn’t have been – Microsoft’s corporate environment. The theft of a Microsoft signing key In short: The key was included in the crash dump of a consumer signing system located in Microsoft’s “highly isolated and … Continue reading How Chinese hackers got their hands on Microsoft’s token signing key