Microsoft is dealing with a big mess caused by hackers supported by China. These hackers broke into email inboxes, including those of government agencies, and Microsoft can't figure out how they did it. The hackers exploited a Microsoft signing key to fake authentication tokens, giving them access to these inboxes. The group behind is called Storm-0558 and is believed to have connections to China, although China denies it. The U.S. Cybersecurity agency mentioned that only a few government accounts were affected, but the exact number is not clear.
Microsoft blocked the hackers, but it's still a mystery how they got their hands on Microsoft's keys. Microsoft has improved its key security to prevent this from happening again. Interestingly, the hackers made a mistake by using the same key for multiple attacks, making it easier for investigators to identify who was compromised. But Microsoft is facing criticism for not providing enough visibility to government departments about the intrusion. This incident is a big deal, similar to the SolarWinds hack in 2020, and the investigation is likely to continue for a while.
