Remix.run Logo
llm_nerd an hour ago

From the reading of the document, I really don't think that's it. The suspects used phishing to get access to one company's servers, then used those servers to push software to other servers.

It 100% reads that they enlisted Microsoft to correlate telemetry data with some known activities, backtracking from that. Barring specific additional data, this should be extraordinarily concerning. Repeatedly the documents cite "Microsoft's records" for the activity - installing ngrok, accessing certain sites, RDP connections, etc.

baranul 24 minutes ago | parent [-]

But it has long been known that Microsoft actively collaborates with and provides user data to legal entities. It is more a matter of the general public not being aware of this, the kind of data collected, and to what extent will users continue to tolerate Microsoft's behavior.