The aftermath of the recent Microsoft Azure hack by suspected PRC actors.
What is the solution to this? Make sure cloud services are open source so they can be independently vetted? If government and corporate entities chose to use open source solutions, most are presented “as is” with no warranty.
“This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. We continue to work directly with government agencies on this issue, and maintain our commitment to continue sharing information at Microsoft Threat Intelligence blog.”
Translation: Fixing bugs costs way too much more money than just leaving them in, so in order to save the profits, we just wait them out. If the shit hits the fan, we can still start looking into the issue and maybe get some PR coverage to distract the public.
But we still happily support government agencies to exploit the barndoor-sized holes in our software for whatever nefarious reasons they have because they pay us for that.