Microsoft investigation unable to determine source of hacked Azure key used in Exchange email breach targeting 60,000 accounts

• Microsoft still unsure how hackers stole an Azure signing key in 2023 to access Exchange Online accounts after 10-month investigation

• Hackers forged authentication tokens using a legacy Microsoft Services Account (MSA) key that should have been revoked in 2021

• Theory that hackers obtained key from compromised device of acquired company engineer, but no evidence to support it

• At least 60,000 emails stolen from 22 organizations, including senior US government officials

• Attributed to Chinese state-sponsored hacker group Storm-0558 that focuses on espionage and has links to 2009 Operation Aurora cyberattack