• Soviet Pigeon@lemmygrad.ml
    link
    fedilink
    arrow-up
    21
    arrow-down
    2
    ·
    1 year ago

    Since May, according to Microsoft, Chinese hackers have been secretly accessing data from the State Department and Commerce Department, among other targets including Western European entities.

    Shut the fuck up. Its not Chinas fault, that Microsoft miserably failed. Whoever of the whatever-department decided to put their stuff in to the microsoft cloud was an idiot. How the fuck could this happen at the first place. This remindes of Solardwinds, when their password “solarwinds123” (What a secure password!) has been spotted on their Github repo.

    MSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and should only be valid for their respective systems. The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail.

    (source)

    They had one fucking job. But no no, its not their fault, its China! Dont look at us, our cloud products are still great. And please dont forget to put 20 layers of snake oil on your computer