Business

Microsoft Used China-Based Engineers To Support Product Recently Hacked By China

Image Courtesy Of Sam Torres On Unsplash

Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in its popular SharePoint software but didn’t mention that it has long used China-based engineers to maintain the product.

This article was written by Renee Dudley and originally published by ProPublica.

Last month, Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in SharePoint, the company’s widely used collaboration software, to access the computer systems of hundreds of companies and government agencies, including the National Nuclear Security Administration and the Department of Homeland Security.

The company did not include in its announcement, however, that support for SharePoint is handled by a China-based engineering team that has been responsible for maintaining the software for years.

ProPublica viewed screenshots of Microsoft’s internal work-tracking system that showed China-based employees recently fixing bugs for SharePoint “OnPrem,” the version of the software involved in last month’s attacks. The term, short for “on premises,” refers to software installed and run on customers’ own computers and servers.

Microsoft said the China-based team “is supervised by a US-based engineer and subject to all security requirements and manager code review. Work is already underway to shift this work to another location.”

It’s unclear if Microsoft’s China-based staff had any role in the SharePoint hack. But experts have said allowing China-based personnel to perform technical support and maintenance on U.S. government systems can pose major security risks. Laws in China grant the country’s officials broad authority to collect data, and experts say it is difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement. The Office of the Director of National Intelligence has deemed China the “most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.”

ProPublica revealed in a story published last month that Microsoft has for a decade relied on foreign workers — including those based in China — to maintain the Defense Department’s cloud systems, with oversight coming from U.S.-based personnel known as digital escorts. But those escorts often don’t have the advanced technical expertise to police foreign counterparts with far more advanced skills, leaving highly sensitive information vulnerable, the investigation showed.

ProPublica found that Microsoft developed the escort arrangement to satisfy Defense Department officials who were concerned about the company’s foreign employees, and to meet the department’s requirement that people handling sensitive data be U.S. citizens or permanent residents. Microsoft went on to win federal cloud computing business and has said in earnings reports that it receives “substantial revenue from government contracts.” ProPublica also found that Microsoft uses its China-based engineers to maintain the cloud systems of other federal departments, including parts of Justice, Treasury and Commerce.

In response to the reporting, Microsoft said that it had halted its use of China-based engineers to support Defense Department cloud computing systems, and that it was considering the same change for other government cloud customers. Additionally, Defense Secretary Pete Hegseth launched a review of tech companies’ reliance on foreign-based engineers to support the department. Sens. Tom Cotton, an Arkansas Republican, and Jeanne Shaheen, a New Hampshire Democrat, have written letters to Hegseth, citing ProPublica’s investigation, to demand more information about Microsoft’s China-based support.

Microsoft said its analysis showed that Chinese hackers were exploiting SharePoint weaknesses as early as July 7. The company released a patch on July 8, but hackers were able to bypass it. Microsoft subsequently issued a new patch with “more robust protections.”

The U.S. Cybersecurity and Infrastructure Security Agency said that the vulnerabilities enable hackers “to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.” Hackers have also leveraged their access to spread ransomware, which encrypts victims’ files and demands a payment for their release, CISA said.

A DHS spokesperson said there is no evidence that data was taken from the agency. A spokesperson for the Department of Energy, which includes the National Nuclear Security Administration, said in a statement the agency was “minimally impacted.”

“At this time, we know of no sensitive or classified information that was compromised,” the spokesperson, Ben Dietderich said.

Microsoft has said that, beginning next July, it will no longer support on-premises versions of SharePoint. It has urged customers to switch to the online version of the product, which generates more revenue because it involves an ongoing software subscription as well as usage of Microsoft’s Azure cloud computing platform. The strength of the Azure cloud computing business has propelled Microsoft’s share price in recent years. On Thursday, it became the second company in history to be valued at more than $4 trillion.

U Cast Studios

Next Americans Are Eating (Slightly) Less Ultra-Processed Foods »

Previous « Never-Before-Seen Photos Inside Jeffrey Epstein's Creepy Mansion

11 months ago

Automakers Race Into Humanoid Robots As Timeline For Blue-Collar Job Disruption Emerges

Bernstein analyst Eunice Lee is out with a fascinating note explaining why automakers are making… Read More

14 hours ago

News

Prime Minister Keir Starmer Resigns As UK Faces 7th Leader In A Decade

The Keir Starmer experiment is officially over, as was growing increasingly clear over the weekend,… Read More

2 days ago

Lifestyle

Credit Cards Are A Dangerous Necessity

For many Americans, credit cards can feel like a lifeline during difficult times. An unexpected… Read More

5 days ago

Business

Rochester Already Has The Pieces To Solve Its Housing Crisis

Real progress starts with empowering local residents to build. During a recent visit to Rochester,… Read More

5 days ago

Lifestyle

The Drawer Problem: Why So Many Of Us Can’t Let Go Of Our Old Electronics

Think about the last smartphone, tablet or smartwatch you stopped using. Odds are it is… Read More

6 days ago

Business

Stop Wasting Budget On The Wrong Google Ads Clicks

Learn how to refine your targeting, eliminate low-quality traffic, and optimize campaign performance so every… Read More