An actor that can acquire a private signing key can then create falsified tokens with valid signatures that will be accepted by relying parties. This is called token forgery.
The article just says they signed authentication tokens which gave them access to outlook emails. I don’t think it was code signing that would let them distribute software, and that’s not what they were after.
Pretend to be someone they aren’t
Oh cool so they can distribute updates?
The article just says they signed authentication tokens which gave them access to outlook emails. I don’t think it was code signing that would let them distribute software, and that’s not what they were after.
Thanks for actually reading the article o7