Forged Azure Access Tokens Exploited by Storm-0558: A Cloud Vulnerability Transparency Gap
Starting May 15, 2023, threat actor Storm-0558 illicitly employed forged Azure Access tokens tokens to gain unauthorized access to user emails in around 25 organizations, encompassing government agencies and various consumer accounts hosted on the public cloud.