This really doesn’t make me love cloud identity management. It’s exactly the scenario (kind of a nightmare one) where you attack the cloud infrastructure and get access to many different customers and apps… potentially in a way completely undetectable by you. At least with local identity providers, they have to compromise you, and you might have logs.