Member-only story
CODEX
Microsoft Customers Were Secretly Under Attack For Two Months
Reports of another hidden cyber espionage campaign illustrate the power imbalance between technology titans and their customers
Tens of thousands of small businesses and other organizations have just found out that sophisticated state-sponsored attackers are actively exploiting vulnerabilities in their email systems running Microsoft Exchange Server software. Because of the company’s position of privilege in the technology industry, it is unlikely to suffer any serious consequences for willfully and deliberately allowing the victimization of its customers.
According to reporting from KrebsOnSecurity, researchers from the security firm Volexity initially detected the attacks on January 6, 2021. Though the full reporting lineage is not publicly available, indications are that Microsoft has known about the cyber espionage campaign since at least early February, choosing to privately correct software flaws in obscurity rather than inform its customers of the risks they were operating under. On March 2, 2021, Microsoft released a report on its investigation into the threat actor it dubbed “Hafnium” and issued several emergency patches to correct the associated software deficiencies. Volexity President…
