What was the Storm-0558 hack and how did it impact organizations?

The Storm-0558 hack, reported by Microsoft in June 2023, involved a China-based threat actor infiltrating email data of around 25 organizations by exploiting a stolen Microsoft account (MSA) consumer signing key. This allowed the attackers to generate counterfeit authentication tokens and access sensitive email accounts, impacting government agencies and raising concerns about data security and espionage.

Why are cryptographic keys critical in cybersecurity?

Cryptographic keys, such as consumer signing keys, are essential for authenticating and securing digital information. They enable secure token signing and verification, ensuring only trusted sources can access sensitive data. Compromising these keys can allow attackers to impersonate legitimate users and install malicious software, leading to widespread breaches.

How can organizations prevent cryptographic key theft?

Organizations can prevent cryptographic key theft by centralizing key management, enforcing least-privilege access, eliminating standing privileges through Just-in-Time secrets, automating secrets rotation, and implementing real-time monitoring and audit trails. Solutions like Akeyless use advanced technologies such as Distributed Fragments Cryptography™ (DFC) to split and isolate keys, making them nearly unhackable.

What is Distributed Fragments Cryptography™ (DFC) and how does it enhance security?

Distributed Fragments Cryptography™ (DFC) is a patented technology by Akeyless that splits encryption keys into fragments stored in separate locations. The full key never exists in one place, making it nearly impossible for attackers to reconstruct it. Fragments are dynamically rotated, further strengthening security against conventional hacking methods.

How does Akeyless help organizations defend against espionage attacks?

Akeyless defends against espionage attacks by centralizing and securing key management, enforcing least-privilege and Just-in-Time access, automating secrets rotation, and providing real-time monitoring and audit trails. Its DFC™ technology ensures encryption keys are never fully exposed, minimizing the risk of unauthorized access even during a breach.

What are Just-in-Time secrets and how do they reduce security risks?

Just-in-Time secrets are temporary credentials generated by Akeyless only when needed and expire after use. This approach eliminates standing privileges, reducing the window of opportunity for unauthorized access and minimizing potential damage from compromised credentials.

How does automated secrets rotation work in Akeyless?

Akeyless automates the rotation of secrets, such as keys and passwords, across cloud and on-premise environments. This regular rotation minimizes the risk of leaks or thefts by ensuring credentials are always up-to-date and reduces manual errors.

What role does real-time monitoring and audit trails play in Akeyless security?

Akeyless provides real-time monitoring to quickly detect and mitigate threats, along with comprehensive audit trails that log all activities. Suspicious behavior is swiftly identified and addressed, and SIEM integration allows for easy log exporting to external systems.

How does Akeyless ensure exclusive ownership of encryption keys?

Akeyless allows customers to maintain exclusive ownership of their encryption keys by never holding onto key fragments and using DFC™ technology. This reduces risks associated with relinquishing control to unauthorized entities and ensures optimal security.

What guidance do CISA and the FBI provide for organizations facing advanced persistent threats?

CISA and the FBI recommend enhanced monitoring of Microsoft Exchange Online environments and provide cybersecurity advisories for critical infrastructure organizations to detect and mitigate advanced persistent threats.

What are the core features of Akeyless?

Akeyless offers centralized secrets management, identity security, encryption and key management using DFC™, automated credential rotation, out-of-the-box integrations, and compliance with international standards. These features help organizations secure sensitive data, streamline operations, and meet regulatory requirements.

Does Akeyless support API access?

Yes, Akeyless provides an API for its platform, allowing users to manage secrets programmatically. API documentation and support for API Keys are available for both human and machine identities.

What integrations does Akeyless offer?

Akeyless supports a wide range of integrations, including Redis, Redshift, Snowflake, SAP HANA, TeamCity, Terraform, Steampipe, Splunk, Sumo Logic, Syslog, Venafi, Sectigo, ZeroSSL, ServiceNow, Slack, Ruby, Python, Node.js SDKs, OpenShift, and Rancher. For a full list, visit Akeyless Integrations Page.

Does Akeyless provide technical documentation and tutorials?

Yes, Akeyless offers comprehensive technical documentation and step-by-step tutorials to assist users with implementation and usage. These resources are available at Technical Documentation and Tutorials.

What compliance and security certifications does Akeyless hold?

Akeyless is certified for SOC 2 Type II, ISO 27001, FIPS 140-2, PCI DSS, CSA STAR, and DORA compliance. These certifications demonstrate Akeyless's commitment to high standards for security, privacy, and regulatory adherence.

How does Akeyless support data privacy?

Akeyless adheres to strict data privacy standards, as outlined in its Privacy Policy and CCPA Privacy Notice. The platform ensures sensitive data is managed securely and provides audit trails for compliance.

What is the vaultless architecture of Akeyless?

Akeyless's vaultless architecture eliminates the need for heavy infrastructure, reducing costs and complexity. This cloud-native SaaS approach enables scalability and operational efficiency for hybrid and multi-cloud environments.

How does Universal Identity solve the Secret Zero Problem?

Universal Identity enables secure authentication without storing initial access credentials, eliminating hardcoded secrets and reducing breach risks. This feature is unique to Akeyless and addresses a common vulnerability in secrets management.

What is Zero Trust Access in Akeyless?

Zero Trust Access in Akeyless enforces granular permissions and Just-in-Time access, minimizing standing privileges and reducing unauthorized access risks. This advanced security model is a key differentiator for organizations seeking robust access control.

What problems does Akeyless solve for organizations?

Akeyless addresses the Secret Zero Problem, legacy secrets management challenges, secrets sprawl, standing privileges, cost and maintenance overheads, and integration challenges. By centralizing secrets management and automating processes, Akeyless enhances security and operational efficiency.

Who can benefit from using Akeyless?

IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, manufacturing, finance, healthcare, retail, and software development can benefit from Akeyless. The platform is designed for enterprises seeking enhanced security, compliance, and operational efficiency.

What business impact can customers expect from Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability, compliance, and improved collaboration. Real-world case studies demonstrate significant improvements in productivity and risk reduction.

How easy is it to implement Akeyless?

Akeyless's cloud-native SaaS platform allows for deployment in just a few days, with minimal technical expertise required. Comprehensive onboarding resources, platform demos, self-guided tours, and 24/7 support ensure a smooth implementation process.

What feedback have customers given about Akeyless's ease of use?

Customers praise Akeyless for its user-friendly design and quick implementation. Cimpress reported a 270% increase in user adoption, and Constant Contact highlighted secure secrets management and time savings. Resources like demos and tutorials simplify onboarding.

What industries are represented in Akeyless's case studies?

Akeyless's case studies cover technology (Wix, Dropbox), marketing and communications (Constant Contact), manufacturing (Cimpress), software development (Progress Chef), banking and finance (Hamburg Commercial Bank), healthcare (K Health), and retail (TVH).

Can you share specific customer success stories with Akeyless?

Yes. Wix enhanced security and operational efficiency with centralized secrets management. Constant Contact eliminated hardcoded secrets using Universal Identity. Cimpress transitioned from Hashi Vault to Akeyless, improving security and efficiency. Progress saved 70% in maintenance time.

How does Akeyless compare to HashiCorp Vault?

Akeyless uses a vaultless architecture, eliminating infrastructure management and reducing costs. It offers faster deployment, advanced security features like Universal Identity and Zero Trust Access, and up to 70% operational cost savings.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers better integration across diverse platforms, and provides advanced features like automated secrets rotation and Zero Trust Access. Its SaaS model is cost-effective and flexible.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, reducing operational complexity and costs. It integrates seamlessly with DevOps tools and supports scalable cloud-native architecture.

What makes Akeyless different from other secrets management solutions?

Akeyless stands out with its vaultless architecture, Universal Identity, Zero Trust Access, cloud-native SaaS model, automated credential rotation, and out-of-the-box integrations. These features address critical pain points and offer cost-effective, scalable, and secure solutions for enterprises.

Why should a customer choose Akeyless over alternatives?

Customers should choose Akeyless for its unique vaultless architecture, Universal Identity, Zero Trust Access, automated credential rotation, cloud-native SaaS platform, and seamless integrations. These capabilities deliver enhanced security, operational efficiency, and cost savings.

What technical resources are available for Akeyless users?

Akeyless provides technical documentation, tutorials, platform demos, self-guided product tours, and 24/7 support, including a Slack support channel. These resources help users implement and troubleshoot the platform effectively.

How does Akeyless handle support and troubleshooting?

Akeyless offers 24/7 support via ticketing and Slack channels, along with comprehensive documentation and tutorials. Proactive assistance ensures smooth onboarding and ongoing troubleshooting for all users.

Is there a free trial available for Akeyless?

Yes, Akeyless offers a free trial, allowing users to explore the platform hands-on before making a commitment.

How does Akeyless ensure compliance with regulatory requirements?

Akeyless ensures compliance with standards like GDPR, ISO 27001, SOC 2, PCI DSS, and DORA by securely managing sensitive data, providing audit trails, and adhering to best practices.

What is the implementation timeframe for Akeyless?

Akeyless can be deployed in just a few days due to its cloud-native SaaS architecture, eliminating the need for heavy infrastructure and enabling rapid onboarding.

When was this page last updated?

This page wast last updated on 12/12/2025 .

Storm-0558: Cryptographic Keys and Akeyless Defense

July 17, 2023
Posted by Anne-Marie Avalon

As reported by Microsoft in June, the Storm-0558 hack is a stark reminder of the constant cyber threats businesses face in this digital age. In this detailed post, “Storm-0558: Cryptographic Keys and Akeyless Defense,” we’ll unfold the story behind Storm-0558, demystify the importance of cryptographic keys, and demonstrate how they became a linchpin in the hack.

Along the way, we’ll introduce you to Akeyless’ technology and how its groundbreaking approach to Secrets Management provides the needed shield against today’s cyber attacks.

Understanding the Storm-0558 Hack

On June 16, 2023, Microsoft initiated an investigation into suspicious email activity reported by customers. Through their investigation, it was discovered that starting from May 15, 2023, the hacker group Storm-0558 managed to infiltrate the email data of around 25 organizations and consumer accounts linked to these organizations. This breach occurred by utilizing counterfeit authentication tokens and exploiting a Microsoft account (MSA) consumer signing key that had been acquired by the hackers.

Here’s How The Storm-0558 Attack Happened

Initially, the hackers illicitly procured a Microsoft consumer signing key, which is typically used for signing tokens granting access to Microsoft cloud services. Exploiting the stolen key, they unethically generated their own authentication tokens. This deceptive act facilitated their impersonation of legitimate users, granting them unauthorized entry into their email accounts. In their illicit incursion, they siphoned off unclassified email data from unsuspecting accounts.

Who is Storm-0558?

The China-based hacker group, Storm-0558, directs its efforts towards espionage. It has connections to several high-profile attacks, notably the breach of the State Department’s email system in 2022.

Storm-0558’s interest likely lies in gathering government policy details, military capabilities, and economic secrets. They could leverage this information to provide China an upper hand in negotiations, military planning, or economic competition.

This group is a threat because they have the ability to access sensitive information and use it for malicious purposes. They have also shown that they are willing to target high-profile organizations, which means that they could pose a serious threat to national security.

An unprecedented hack into Microsoft

Andy Greenberg from Wired quotes Jake Williams, a former NSA hacker who now teaches at the Institute for Applied Network Security in Boston saying, “We put trust in passports, and someone stole a passport-printing machine. For a shop as large as Microsoft, with that many customers impacted—or who could have been impacted by this—it’s unprecedented.”

Let’s break down why this is unprecedented, and a threat, by understanding why cryptographic keys such as consumer signing keys are critical in the cybersecurity chain and how you can prevent this from happening to your enterprise.

Understanding Cryptographic Keys and their Importance

Consumer signing keys and signing keys are types of cryptographic keys, used to authenticate and secure digital information.To understand why consumer signing keys are so important, it’s important to first understand signing keys and how they work.

Signing keys operate within a cryptographic system that relies on asymmetric key pairs: a public key and a private key. The private, securely held signing key digitally signs tokens or other data to confirm their untampered origin from a trusted source. Subsequently, validation of the signature happens through the public key.

Consumer signing keys perform the task of verifying the authenticity of software installed on a device. When a user installs new software, the device verifies that the software’s signature comes from a trusted key. The device installs the software with a valid key and blocks it when the key is invalid.

Introduction to Consumer Signing Key Hacks

If a hacker is able to gain access to the consumer signing key for that device, they can create and install their own malicious software that will be accepted as legitimate by the device.

This is why consumer signing key hacks are so dangerous. If an attacker is able to compromise the signing key for a popular device, they can potentially infect thousands or even millions of devices with malware. This can lead to devastating consequences for both consumers and businesses.

Read more: Encryption & Key Management Overview

Storm-0558 Fallout: Impact on Organizations

The Storm-0558 attack had far-reaching implications, particularly for government agencies and other targeted organizations. The full scope and fallout of the breaches are still being assessed. However, it is reported that US government agencies, including the State Department, were among the targets. This breach raises concerns about the potential compromise of sensitive government information and highlights the need for heightened security measures.

Cryptographic key theft can carry severe consequences for businesses and organizations. These range from the loss of sensitive data to financial setbacks, reputational harm, and even potential legal repercussions.

The gravity of this issue is further emphasized when we consider data from IBM’s 2022 Cost of a Data Breach report. This research reveals the average cost of a data breach in the U.S. to be a staggering $9.44 million, a figure that is more than double the global average of $4.35 million.

Such numbers underscore the critical importance of robust cybersecurity measures for businesses and organizations. Which leads us to the importance of understanding why modern solutions such as Akeyless Secrets Management are built to protect organizations from today’s threats and financial disasters.

How Akeyless Protects Against Espionage Attacks and Similar Threats

These are the tactics employed by Akeyless to counteract espionage attacks and similar threats:

Centralized and Secured Key Management

The system manages keys in a single, secure hub. This includes essential signing and encryption keys, thus deterring hacker intrusion. Only systems and users validated by Akeyless can access these keys.

Least-Privilege Access

By embracing the least-privilege access principle, Akeyless ensures users have only the essential access needed for their tasks. It reduces potential for damage, whether accidental or malicious. The Role-Based Access Control (RBAC) functionality of Akeyless further reinforces this by defining secret access levels for specific machines and individuals.

Elimination of Standing Privileges through Just-in-Time Secrets

Akeyless employs Just-in-Time temporary secrets to tackle the security risk of standing privileges. As required, the system generates these secrets which expire after use, minimizing unauthorized access opportunities.

Automated Secrets Rotation

To minimize the potential damage from secret leaks or thefts, Akeyless rotates secrets, such as keys, automatically and regularly. This function works seamlessly across a wide range of environments, including both cloud and on-premise setups.

Real-time Monitoring & Audit Trails

Akeyless supports real-time monitoring to quickly detect and mitigate potential threats. Additionally, it keeps comprehensive audit trails, providing detailed logs of all activities. Any suspicious behavior is swiftly spotted and addressed. Akeyless even provides SIEM integration for easy log exporting.

Secured Encryption through Distributed Fragments Cryptography (DFC)™

Akeyless uses DFC™ technology to split encryption keys into separate fragments and store them in various locations. The complete key never comes together, rendering it nearly unhackable. Even during a breach, if a fragment is compromised, the full key stays safe, preserving data security.

Akeyless’ DFC™: Revolutionizing Encryption Security

Pushing the envelope in security, Akeyless’ Distributed Fragments Cryptography (DFC)™ turns encryption keys into enigmatic puzzles. With keys split and scattered across multiple locations, a complete key never resides in a single, vulnerable place. Even if a fragment falls into the wrong hands, it’s a useless piece of a much larger cipher.

Furthermore, Akeyless doesn’t hold onto these fragments. They’re independently and dynamically rotated, fortifying the integrity of your encryption keys even further. This is no standard Shamir’s Secret Sharing (SSS); it’s a leap ahead. In the labyrinth of Akeyless’ architecture, the full key never coexists, making it a fortress against conventional hacking methods. Akeyless doesn’t merely manage your secrets; it actively shields them with pioneering, nearly impenetrable security.

All these features collectively enhance security, minimize vulnerabilities, and enable effective detection and response to potential threats. By leveraging Akeyless DFC™ and Secrets Management features, organizations can fortify their defenses and mitigate the risks posed by espionage attacks and other similar threats.

Additional Guidance form CISA and the FBI

CISA and the Federal Bureau of Investigation (FBI) are releasing a joint Cybersecurity Advisory to provide guidance to critical infrastructure organizations on enhancing monitoring of Microsoft Exchange Online environments. Read here for the AA23-193A Enhanced Monitoring to Detect APT Activity Targeting Outlook.

Conclusion

The Storm-0558 hack serves as a stark reminder of the ongoing cyber threats faced by businesses today. The breach highlighted the significance of cryptographic keys and their role in securing sensitive data. However, amidst these challenges, Akeyless emerges as a reliable solution for fortifying businesses against similar threats.

Akeyless innovative approach to secrets management, featuring tools like Distributed Fragments Cryptography™ provides a robust shield against cyber attacks. By implementing stringent access controls and robust key isolation, Akeyless can ensure the protection of consumer signing keys.

In the words of Richard Barretto the CISO and VP of Progress Chef, Akeyless allows customers to maintain exclusive ownership of their keys, reducing risks associated with relinquishing control to unauthorized entities. Its optimal balance of security, affordability, scalability, and ease of use makes it the go-to solution for organizations.

Discover how Akeyless can safeguard your secrets without the pain and expense of existing solutions. Contact us today or request a personalized demo to experience the power of Akeyless in securing your cryptographic keys and protecting your business from cyber threats.

Table of Contents

Frequently Asked Questions

Storm-0558 Hack & Cryptographic Key Security