https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/

  • Awoo [she/her]
    ·
    edit-2
    1 year ago

    I really struggle to believe that a military performing espionage actions is stupid enough to operate without spreading hours of operation in a harder to track way. But maybe they don't give a shit? Just seems like something you could easily hide.

    Show

    EDIT: Question - Why would an inactive microsoft consumer account have the ability to forge tokens for Outlook.com? Would this not limit it to a specific subset of accounts?

    We determined that Storm-0558 was accessing the customer’s Exchange Online data using Outlook Web Access (OWA).

    Ahh yes, this would be one specific customer of microsoft that was targeted. Hopefully the NSA or some shit lmao

      • Awoo [she/her]
        ·
        edit-2
        1 year ago

        Yeah you can go full conspiracy brain with this if you want to question whether microsoft and the state would collaborate for propaganda. I'm not quite so tinfoil hat but there's certainly questions.

        • hector_titucius [he/him]
          hexagon
          ·
          1 year ago

          Calling everything potential Inter-intel-agency warfare is my favorite new tinfoil one-upmanship move

          • Awoo [she/her]
            ·
            1 year ago

            The more things deteriorate the more sus everything everywhere looks.