
This article does not serve as investment advice. The author holds no shares in any of the stocks mentioned herein.
Microsoft’s Cybersecurity Breach Reveals Vulnerabilities
Last month, Microsoft experienced a significant cybersecurity breach involving its SharePoint software, reportedly orchestrated by state-sponsored attackers from China. A recent investigation by ProPublica has uncovered that the breach exploited support from an engineering team based in China. This incident coincided with the anniversary of the previous year’s CrowdStrike outage, which was caused by a problematic software update. In stark contrast to last year’s event, Microsoft is attributing the SharePoint compromise directly to Chinese cyber operatives.
Action Plan: Microsoft to Relocate SharePoint Support Teams
ProPublica’s latest findings indicate that a China-based engineering team was responsible for maintaining SharePoint, a platform widely used by organizations to establish internal networks and facilitate computer connectivity. During the attack in July, hackers leveraged vulnerabilities in SharePoint to gain access to the software’s servers, allowing them to install unauthorized tools and establish backdoors for continued infiltration.
The breach affected SharePoint versions dating back to 2016, with reports suggesting that U.S. federal agencies may have also been compromised during this extensive cyberattack.

ProPublica’s report reveals that engineering teams in China were tasked with resolving software bugs for SharePoint’s On-Premises version, which played a central role in the recent attack. While Microsoft refrained from acknowledging the presence of Chinese engineers in their formal communications following the breach, they did confirm the team’s existence to ProPublica.
Microsoft’s Response to Security Concerns
In response to the breach, Microsoft stated that the China-based engineering team operated under the supervision of a U.S.-based engineer and adhered to stringent security protocols, including managerial code reviews. The company has already initiated plans to relocate this support function away from China.
Concerns about China’s role in Western technological infrastructure have been prevalent for years, particularly since the Trump administration urged allies in Europe and NATO to refrain from integrating Huawei’s technology into their networks. This stems from a 2017 Chinese law mandating compliance from companies with state requests.
The ramifications of the July breach were extensive given SharePoint’s significant market penetration. Reports indicate that the National Nuclear Security Administration (NNSA), responsible for U.S. strategic asset management, was also a target of this cyber incident. However, the Department of Energy, which oversees the NNSA, claimed that the overall impact on systems was minimal, affecting only a handful of them.
For further reading and detailed insights, refer to the full ProPublica report and additional commentary on cybersecurity implications.