Last month Microsoft announced that hackers funded by the Chinese state National Nuclear Security Administration and the Internal Security Department.
The company has not included in its message that SharePoint support is obtained in China an engineering group that has been responsible for maintaining software over the years.
PROPUBLICA viewed the screenshots of the internal Microsoft track tracking system, which showed that employees based in China have recently secured errors for SharePoint “Online”, the version of the software involved in the attacks last month. The term, which is short for “indoors” refers to software installed and launching on your own computers and customer servers.
Microsoft said the Chinese team “is under the supervision of an American engineer and subordinates all the safety and review manager requirements. The work is already underway to translate this work to another place.”
It is unclear whether Microsoft staff played a role in Hack SharePoint. But experts said that the staff based in China to provide technical support and maintenance of US government systems can create serious security risks. Laws in China are providing extensive data collection powers to officials, and experts say that any citizen of China or the company is difficult to resist a direct request for security forces or law enforcement agencies. Director’s Office of National Intelligence He considered China “the most active and sustainable cyber force for the US government, private sector and critical infrastructure.”
PROPUBLICA revealed In a plot published last month This Microsoft has relied on foreign workers for decades, including in China to maintain cloud defense systems, and overseeing the US staff known as digital support. But these accompanions often have no advanced technical examination for foreign police counterparts with much more sophisticated skills, leaving very sensitive information vulnerable, the investigation showed.
Propublica found that Microsoft has developed an accompaniment to satisfy the officers of the Defense Department, which were concerned about the foreign employees of the company, and fulfill the department’s demand for people who have addressed sensitive data, will be US citizens or permanent residents. Microsoft continued to win the federal business -calculating business and stated in Reports on income that he gets “significant profit from government contracts”. Propublica also found that Microsoft uses its engineers based in China to maintain cloud systems of other federal agencies, including parts of justice, treasury and commerce.
In response to Microsoft reporting said he stopped his use The engineers based in China support the cloud computing systems, and this has considered the same changes for other government clients. In addition, the Minister of Defense Pete Hegset launched the review technology companies’ rely for foreign engineers to support the department. Meaning. Tom Kotton, Republican Arkansas, and Jeanne Shakhin, Democrat New Yampshire, have written letter In HegSeth, citing the PROPBLICA investigation, Microsoft’s support for China’s support is required.
Microsoft said his analysis showed that Chinese hackers use weakness SharePoint Another July 7. On July 8, the company released the patch, but the hackers were able to bypass it. After that microsoft New patch with “more reliable protection”.
Agency for Cybersecurity and US Infrastructure said that vulnerability Include hackers “fully access the SharePoint contents, including file systems and internal configurations, and execute the network code”. CISA said the hackers also used their access to the ransomware that encrypts the victim files and requires payment for release.
DHS press secretary said there was no evidence that the data was taken from the agency. A press secretary of the Energy Department, which includes the National Nuclear Security Administration, said in a statement that the agency “minimally influences”.
“At this time, we do not know that there was any sensitive and classified information that was broken,” said Ben Dytherich’s press.
Microsoft said This, starting next July, it will no longer support local versions of SharePoint. He urged customers to switch to a product internet that brings more profit as it provides for the software subscription, as well as using the Azure Cloud Computing Microsoft platform. In recent years, the Azure Cloud Computing Business has led the Microsoft stock price. On Thursday, it became the second company in history, which was estimated at more than $ 4 trillion.
Doris Burke have made research.
