Wiz has posted a blog discussing the implications of the recently announced security incident affecting Microsoft, in which a Chinese-attributed threat actor stole a private encryption key and used it to forge access tokens for various Outlook products. After conducting further technical analysis, the researchers believe that this stolen key could also impact users of Azure Active Directory, SharePoint, Teams, and OneDrive.
Specifically, the stolen key was used for signing OpenID v2.0 access tokens for personal accounts and mixed-audience Azure Active Directory applications, which means the incident is believed to have a much wider impact than initially reported. Wiz provides recommended steps for organizations that use potentially compromised applications in their environment. While Microsoft advised the customers it believed were impacted, members are encouraged to review the joint cybersecurity advisory from CISA and the FBI, Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, and to act on its guidance. Read more at Wiz.