Can we just for a moment reflect on the thoroughness of the attackers to find that Microsoft signing key? That was a non-obvious location to find secrets—and in fact by rights the file was not supposed to include such secrets anyhow. So either the Chinese threat actors knew about the race condition leading to dump files containing secrets, or they were so thorough they were looking at everything they could touch, once the Microsoft employee's machine was compromised.

Either way, this is an actual advanced persistent threat. And it makes you ask how much more they know that not even Microsoft knows about the edge cases of their products. 
 @663e5b60 @7faadb2b Or, if they knew about the race condition, they may have been able to manipulate the engineer's machine to make the favorable outcome more likely.
As for finding the key—if memory serves, some time ago (>25 years, I think), Shamir had a paper on rapidly searching for keying material.