Microsoft is still trying to figure out how Chinese hackers managed to steal a Microsoft account consumer signing key (MSA) and use it to target more than two dozen email accounts from various businesses and government organizations in the West. In an in-depth analysis of the incident, the company confirmed that the theft was still being investigated: "The method by which the actor acquired the key is a matter of ongoing investigation," it says in the writeup. “Though the key was intended only for MSA accounts, a validation issue allowed this key to be trusted for signing Azure AD tokens....