I have just skimmed this so maybe itās answered, but seems the entire thing boils down to:
Storm-0558 acquired an inactive MSA consumer signing key
How?
I really struggle to believe that a military performing espionage actions is stupid enough to operate without spreading hours of operation in a harder to track way. But maybe they donāt give a shit? Just seems like something you could easily hide.
EDIT: Question - Why would an inactive microsoft consumer account have the ability to forge tokens for Outlook.com? Would this not limit it to a specific subset of accounts?
We determined that Storm-0558 was accessing the customerās Exchange Online data using Outlook Web Access (OWA).
Ahh yes, this would be one specific customer of microsoft that was targeted. Hopefully the NSA or some shit lmao
Yeah you can go full conspiracy brain with this if you want to question whether microsoft and the state would collaborate for propaganda. Iām not quite so tinfoil hat but thereās certainly questions.
Calling everything potential Inter-intel-agency warfare is my favorite new tinfoil one-upmanship move
foot authority roof thunder dark apple selection off point trick complete scale grey wave copper any enough part tired sail writing amount growth chain female red place curtain servant sugar smash not way enough flag powder necessary milk doubt adjustment damage payment cruel be he other fertile writing sister edge
mountain mist sweet snow growth cry stem cloud run house all dead example solid toe watch how get whip flat journey noise growth of light request town language low space window last cup dry brother force automatic growth approval who body bee even knot idea rub black male machine blade
trouble knife belief please drawer school walk answer music nose reaction see necessary harbour plant army push weight amount hook tight effect ship baby toe cause mouth garden physical winter safe jelly cheap writing why wine will food fact prose glove south country mark test bird rough journey property size
