this post was submitted on 24 Jul 2023
14 points (93.8% liked)
cybersecurity
3262 readers
2 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Fantastic writeup. I wonder, how does a threat actor get access to a signing key like this? There was no mention of how the key got leaked in the first place.
Yes, that part is still undisclosed by Microsoft. It is mentioned in the article as well:
We will continue to closely monitor this incident and provide updates; this is still an ongoing investigation and there are many unanswered questions (how did the threat actor acquire the key? When exactly did it happen? Were other keys compromised as well?).