Explained | How did a China-based hacking group compromise Microsoft’s cloud security?

The story so far: In July, Microsoft said that a China-based hacking group breached U.S. government-linked email accounts. The company further explained that hackers were able to extract a cryptographic key from the engineer’s account to access into email accounts. The China-based threat actor was able to compromise Microsoft’s cloud security systems by using an acquired MSA key to forge tokens to access Outlook Web Access, Microsoft’s web-based mail client that is part of the company’s Exchange Server, Outlook.com. China called the Microsoft report about the China-based hacking group breaching government-linked email accounts “disinformation”, a report from AP said.