Can we just for a moment reflect on the thoroughness of the attackers to find that Microsoft signing key? That was a non-obvious location to find secrets—and in fact by rights the file was not supposed to include such secrets anyhow. So either the Chinese threat actors knew about the race condition leading to dump files containing secrets, or they were so thorough they were looking at everything they could touch, once the Microsoft employee's machine was compromised.

Either way, this is an actual advanced persistent threat. And it makes you ask how much more they know that not even Microsoft knows about the edge cases of their products.