Microsoft Software at Center of July's Mega Hack Relied on Chinese Support Teams

The SharePoint software at the center of Microsoft's historic cybersecurity breach last month, potentially exploited by Chinese hackers to install backdoors, relied on customer support from an engineering team in China, a new report from ProPublica reveals.

The SharePoint breach occurred on the anniversary of last year's CrowdStrike outage, which, according to official reports, was caused by a faulty software patch. Unlike last year's outage, however, Microsoft attributed the SharePoint breach to Chinese state-sponsored cyberattack groups.

Microsoft Says It's Working To Shift SharePoint Support Teams Away From China

In a fresh report today, ProPublica claims to have viewed Microsoft's internal communication systems to determine that a China-based engineering team was running support for its SharePoint software. SharePoint enables users, typically organizations, to set up internal networks and link their computers.

The July breach saw attackers gain control of the software's servers, which gave them the ability to install unauthorized software on them as well as backdoors for future access. The breach affected versions of SharePoint dating as far back as 2016, with media reports suggesting that US federal agencies also saw their networks compromised during the attack.

Although the breach initially caught Microsoft off guard, the firm went on to identify other SharePoint vulnerabilities that could pose threats in the future but had not been exploited at the time of discovery. According to today's report, China-based engineering teams were fixing bugs in the version of SharePoint that users operate on their own devices.

Called 'OnPrem' as short for 'On Premises,' the software was central to last month's attack. While Microsoft did not admit the presence of Chinese engineering teams in its official statement released after the attack, the firm did confirm to ProPublica that the team exists. Microsoft added that the team was "supervised by a US-based engineer and subject to all security requirements and manager code review. Work is already underway to shift this work to another location," according to ProPublica's report.

The Concerns Over Chinese Presence in American and Western Technological Infrastructure

Chinese presence in American and Western technological infrastructure has been a contentious issue for years, ever since the first Trump administration pressured Europe and NATO to stop integrating Chinese tech giant Huawei's equipment into their networks.

The concerns stemmed from a 2017 Chinese law that requires companies and others in the country to comply with the state's requests for cooperation. Because of SharePoint's market share, the July hack reached far and wide. Reports suggested that the National Nuclear Security Administration (NNSA), the body responsible for maintaining the United States' strategic assets, was also targeted.

The Department of Energy, which oversees the NNSA, maintained that the impact of the attacks was "minimal," with a very small number of systems being impacted.