\n<\/p>\n
ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they\u2019re published.<\/p>\n
Last month, Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in SharePoint, the company\u2019s widely used collaboration software, to access the computer systems of hundreds of companies and government agencies, including the National Nuclear Security Administration and the Department of Homeland Security.<\/p>\n
The company did not include in its announcement, however, that support for SharePoint is handled by a China-based engineering team that has been responsible for maintaining the software for years.<\/p>\n
ProPublica viewed screenshots of Microsoft\u2019s internal work-tracking system that showed China-based employees recently fixing bugs for SharePoint \u201cOnPrem,\u201d the version of the software involved in last month\u2019s attacks. The term, short for \u201con premises,\u201d refers to software installed and run on customers\u2019 own computers and servers.<\/p>\n
Microsoft said the China-based team \u201cis supervised by a US-based engineer and subject to all security requirements and manager code review. Work is already underway to shift this work to another location.\u201d<\/p>\n
It\u2019s unclear if Microsoft\u2019s China-based staff had any role in the SharePoint hack. But experts have said allowing China-based personnel to perform technical support and maintenance on U.S. government systems can pose major security risks. Laws in China grant the country\u2019s officials broad authority to collect data, and experts say it is difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement. The Office of the Director of National Intelligence has deemed China the \u201cmost active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.\u201d<\/p>\n
ProPublica revealed in a story published last month that Microsoft has for a decade relied on foreign workers \u2014 including those based in China \u2014 to maintain the Defense Department\u2019s cloud systems, with oversight coming from U.S.-based personnel known as digital escorts. But those escorts often don\u2019t have the advanced technical expertise to police foreign counterparts with far more advanced skills, leaving highly sensitive information vulnerable, the investigation showed.<\/p>\n
ProPublica found that Microsoft developed the escort arrangement to satisfy Defense Department officials who were concerned about the company\u2019s foreign employees, and to meet the department\u2019s requirement that people handling sensitive data be U.S. citizens or permanent residents. Microsoft went on to win federal cloud computing business and has said in earnings reports that it receives \u201csubstantial revenue from government contracts.\u201d ProPublica also found that Microsoft uses its China-based engineers to maintain the cloud systems of other federal departments, including parts of Justice, Treasury and Commerce.<\/p>\n
In response to the reporting, Microsoft said that it had halted its use of China-based engineers to support Defense Department cloud computing systems, and that it was considering the same change for other government cloud customers. Additionally, Defense Secretary Pete Hegseth launched a review of tech companies\u2019 reliance on foreign-based engineers to support the department. Sens. Tom Cotton, an Arkansas Republican, and Jeanne Shaheen, a New Hampshire Democrat, have written letters to Hegseth, citing ProPublica\u2019s investigation, to demand more information about Microsoft\u2019s China-based support.<\/p>\n
Microsoft said its analysis showed that Chinese hackers were exploiting SharePoint weaknesses as early as July 7. The company released a patch on July 8, but hackers were able to bypass it. Microsoft subsequently issued a new patch with \u201cmore robust protections.\u201d<\/p>\n
The U.S. Cybersecurity and Infrastructure Security Agency said that the vulnerabilities enable hackers \u201cto fully access SharePoint content, including file systems and internal configurations, and execute code over the network.\u201d Hackers have also leveraged their access to spread ransomware, which encrypts victims\u2019 files and demands a payment for their release, CISA said.<\/p>\n
\n Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data<\/strong>\n <\/p>\n A DHS spokesperson said there is no evidence that data was taken from the agency. A spokesperson for the Department of Energy, which includes the National Nuclear Security Administration, said in a statement the agency was \u201cminimally impacted.\u201d<\/p>\n \u201cAt this time, we know of no sensitive or classified information that was compromised,\u201d the spokesperson, Ben Dietderich said.<\/p>\n Microsoft has said that, beginning next July, it will no longer support on-premises versions of SharePoint. It has urged customers to switch to the online version of the product, which generates more revenue because it involves an ongoing software subscription as well as usage of Microsoft\u2019s Azure cloud computing platform. The strength of the Azure cloud computing business has propelled Microsoft\u2019s share price in recent years. On Thursday, it became the second company in history to be valued at more than $4 trillion.<\/p>\n Doris Burke contributed research.<\/p>\n","protected":false},"excerpt":{"rendered":" ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they\u2019re published. Last month, Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in SharePoint, the company\u2019s widely used collaboration software, to access the computer systems of hundreds of companies and government agencies, including the<\/p>\n","protected":false},"author":1,"featured_media":13541,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[4728,4729,7211,1563,247,5765],"class_list":{"0":"post-13540","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-social-issues","8":"tag-chinabased","9":"tag-engineers","10":"tag-maintain","11":"tag-microsoft","12":"tag-propublica","13":"tag-software"},"_links":{"self":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/13540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13540"}],"version-history":[{"count":0,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/13540\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/media\/13541"}],"wp:attachment":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}