(Bloomberg) -- Suspected Chinese hackers who infiltrated the emails of US Commerce Secretary Gina Raimondo and government officials from around the world may have had access beyond emails, according to a cloud security firm.
Earlier this month, Microsoft Corp. said that hackers had breached cloud-based email accounts at US and European government agencies by using a Microsoft account-signing key to forge authentication tokens. How the hackers obtained the key has not been revealed.
That key may also have helped hackers infiltrate applications including Teams, OneDrive and SharePoint, cloud security firm Wiz Inc. said on Friday.
“Identity provider’s signing keys are probably the most powerful secrets in the modern world,” wrote Shir Tamari, a researcher at Wiz. “With identity provider keys, one can gain immediate single hop access to everything, any email box, file service or cloud account. This isn’t a Microsoft specific issue. If a signing key for Google, Facebook, Okta or any other major identity provider leaks, the implications are hard to comprehend.”
While Microsoft mitigated this risk by revoking the affected encryption key, detailing the hackers’ techniques and publishing indicators showing users may have been compromised, customers may not be able to detect the use of forged tokens without disclosure of the security logs related to the token verification process, Tamari wrote.
Microsoft did not immediately respond to a request for comment.
Jake Williams, a security researcher and member of the intelligence community, tweeted that Wiz’s findings were “a nightmare scenario for those assessing impact. A significant number of third-party applications use Microsoft as an authentication provider. We now know they are potentially impacted.” He added: “Without logging, there’s no way to be sure for any given app.”
Last week, under pressure from US cybersecurity officials, Microsoft said it would provide free cloud security logs for all customers in the next few months. Security logs are critical for detecting and preventing cybersecurity threats, in addition to allowing hacking victims to quickly take action following a breach, according to US officials. Microsoft currently charges for some forms of logging as a premium feature.