SharePoint Hacks Turn Up Heat on Microsoft's Cyber Overhaul
Advertisement
Battered by its role in several major hacks, the software giant in late 2023 vowed to overhaul its cybersecurity, in a project called the Secure Future Initiative. The April report noted significant advances, including fostering a 'security-first mindset' in employees and making strides in meeting engineering goals.
'Our progress will not be linear,' the report added.
It didn't take long to prove the company's point. On Tuesday, Microsoft accused three Chinese hacking groups, two tied to the government in Beijing, of exploiting flaws in SharePoint document management software as part of a global campaign that's targeted businesses and government agencies, including the US Department of Education.
Attackers have exploited the flaws since July 7, according to cybersecurity researchers.
The full extent of the damage isn't yet clear. The flaws apply to SharePoint customers who manage the software on their own networks, as opposed to on the cloud. That limits potential victims — though the number could still be significant given Microsoft's reach.
Advertisement
Roger Cressey, a former cybersecurity official under presidents Bill Clinton and George W. Bush, said errors at organizations as dominant as Microsoft have high stakes and changes are hard to make given its size.
'When you have one provider so omnipresent in our digital ecosystem, the blast radius of their mistakes is enormous,' said Cressey, a partner at Mountain Wave Ventures, whose clients include some Microsoft competitors. 'It's another reminder that Microsoft's failure on making security a priority is impacting our national and economic security.'
Microsoft quickly rolled out patches for the flaws, though it said in a blog post Tuesday that it had 'high confidence' that hackers would continue to use the flaws to attack unpatched SharePoint systems.
The intrusion is another public relations headache for a company trying to bolster its cyber defenses and reputation. Microsoft is the world's largest software vendor, making it a target for cyber-spies and criminals. It is also the biggest seller of cybersecurity products.
Advertisement
'As part of the Secure Future Initiative, we're focused on accelerating and strengthening our security incident response,' said Microsoft spokesman Frank Shaw. 'In this case, we acted quickly, delivering detailed customer guidance and releasing three new security updates within 72 hours to help protect against adversary attacks.'
There's little evidence that previous major cyberattacks tied to Microsoft have hurt the company's bottom line. Anurag Rana, a senior analyst at Bloomberg Intelligence, said it could even help Microsoft by convincing customers to move SharePoint to the tech giant's cloud, which he described as safer and cheaper in the long run.
What's less clear is what impact the latest breach will have on Microsoft's efforts to repair its cybersecurity credentials and appease long-term critics.
Advertisement
One of them, US Senator Ron Wyden, a Democrat from Oregon, said government agencies have become dependent on 'a company that not only doesn't care about security but is making billions of dollars selling premium cybersecurity services to address the flaws in its products.'
'Each hack caused by Microsoft's negligence results in increased government spending on Microsoft cybersecurity services,' Wyden said in a statement, when asked to respond to the SharePoint vulnerabilities. 'The government will never escape this cycle unless it stops rewarding Microsoft.'
In its April report, Microsoft described the Secure Future Initiative as an ambitious undertaking that would take years. For instance, out of 28 engineering objectives, five are nearing completion, 11 have made significant progress and Microsoft continues to work on the others.
Advertisement
'The threat landscape will continue to evolve, resulting in new vulnerabilities and security incidents,' according to the report. 'Technology will advance, creating new ways to improve security and new issues to address. Each of these is an opportunity to work with our customers and the industry to strengthen our collective defenses.'
--With assistance from Jake Bleiberg.
More stories like this are available on bloomberg.com
©2025 Bloomberg L.P.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
4 minutes ago
- Time of India
India Inc's rare earth magnet dependence
Not just automotive, which is using rare earth magnets for EVs aggressively, renewable energy, consumer electronics, and defense sectors are also in need of these products. India expects the government to clarify the uncertainties regarding the shortage of rare earth magnets, as the industry is struggling to manage alternative solutions. Here is my view on India vs. China debate and India's growing dependence on rare earth magnets, its risks and solutions. The world is once again learning that the materials of the future come with geopolitical strings attached. India, aspiring to be a global manufacturing hub and a clean-tech leader, finds itself hobbled by a shortage of rare earth permanent magnets, a problem that threatens to derail its electric vehicle (EV) push, defence readiness, and green energy plans. At the root lies a familiar issue: overdependence on China. China's decision in April 2025 to tighten export controls on rare earth magnets has sent tremors through Indian industry. These magnets, indispensable in EVs, wind turbines, consumer electronics and missile guidance systems, are now in short supply. Inventories are projected to run out in a matter of weeks. Automakers are already sounding alarm bells, while electronics manufacturers brace for cascading delays. This crisis has long been in the making. China supplies around 90 per cent of India's rare earth magnets and controls a similarly dominant share of global capacity. Its grip extends not just to raw materials but to refining and high-end processing—domains in which India is dangerously underdeveloped. Since the export curbs came into force, Indian companies have been required to seek end-use licences from Chinese authorities, a process marked by opacity and inertia. Russia, once viewed as a rising alternative, remains a fringe player. Other potential suppliers—Australia, Vietnam, and the United States—lack the capacity or speed to plug the gap. Meanwhile, India's own magnet demand has soared. From 12,400 tonnes in FY2021, usage has quadrupled to nearly 54,000 tonnes in FY2025, according to government estimates. The spike is a direct consequence of policy initiatives that promote green mobility, solar and wind capacity, and Make-in-India electronics . But infrastructure without inputs is futile. Mining time lost There are signs of action. The government has begun diplomatic engagement with Beijing in an effort to expedite clearances. More importantly, it is considering amendments to the Mines and Minerals (Development and Regulation) Act to ease exploration of rare earths. Public-sector enterprise Indian Rare Earths Ltd has commenced work on a small-scale magnet plant, and broader production initiatives are under review. But this is reactive policymaking, not foresight. The processing and manufacturing of magnets requires not just raw materials but deep technical capabilities, years of investment, and robust supply chains. India is at least a decade behind where it needs to be. States like Andhra Pradesh and Odisha hold monazite-rich beach sands that could be tapped for rare earths, but red tape and regulatory inertia have kept them underexploited. Refining capacity—capital-intensive and environmentally sensitive—remains virtually non-existent. Without it, India will remain a shipper of ores and an importer of value-added goods. A rare opportunity in rare earths The current crunch ought to be treated not merely as a supply hiccup, but as a strategic wake-up call. India's vision of self-reliance must extend beyond finished goods to the materials that make those goods possible. This calls for nothing short of a rare earth industrial policy. The stakeholders seem to have understood the magnitude of the issue and are moving swiftly. The government is working on a production-linked incentive (PLI) scheme specifically for rare earth magnet manufacturing, offering tax incentives, bonuses based on output, and a simplified regulatory framework to support domestic mining and processing of rare earths like neodymium, praseodymium, and dysprosium. Public sector enterprises such as Indian Rare Earths Ltd have been asked to expand capacity, while private players—Sona Comstar, Uno Minda, and Mahindra & Mahindra among them—are exploring pilot projects to build magnet manufacturing facilities. India is also diversifying import sources, accelerating trade and mining partnerships with countries like Australia, Vietnam, and the United States to reduce dependence on China. Meanwhile, several public–private partnerships are in motion to create rare earth magnet recycling hubs to reclaim materials from used motors, while startups and research institutions are working on magnet-free electric motor technologies and ferrite-based alternatives. With these initiatives gaining traction, the Indian government expects to begin commercial production of rare earth magnets by late 2025, with an eye on scaling to global relevance by 2030. The transition marks not just a supply-side correction, but a long-term industrial strategy to secure India's position in critical green and strategic technologies. Ultimately, what India faces is not a commodity shortage, but a strategic constraint. As it builds its industrial future, it must ensure that core materials are not hostage to geopolitical volatility. The rare earth crisis of 2025 is both a cautionary tale and a call to action. India would do well to heed it—and place magnets, literally and figuratively, at the centre of its economic strategy.
Time of India
11 minutes ago
- Time of India
Govt gets investment proposal worth ₹16,000 cr under electronic component scheme
New Delhi: The government is learnt to have attracted investment proposals worth ₹16,000 crore under the Electronics Component Manufacturing Scheme, according to sources. The government had opened applications for the ₹22,805-crore electronics component manufacturing scheme (ECMS) on May 1. "Received proposals worth around ₹16,000 crore under ECMS," an official source said. An industry body also confirmed the development, based on its discussion with government officials and industry players. According to the government source, the approval process has started and shortlisted projects are expected to be announced in September. "The scheme has received a good response from both domestic and foreign companies," the source said. Sources had earlier mentioned that Tata Electronics , Dixon Technologies , and Foxconn were among the big players that have shown interest in the scheme. Recently, Dixon signed separate agreements with Chinese electronic component firms -- Chongqing Yuhai Precision Manufacturing Co Ltd and the Indian arm of Kunshan Q Technology -- for manufacturing and sales of electronic components used in electronic devices like mobile phones and laptops, among others. The scheme aims to address the demand-supply deficit in the electronic component segment. Electronic Industries Association of India (Elcina), the country's oldest industry body of the Indian electronics sector, estimates that the demand-supply deficit for inputs in the electronics segment will increase to USD 248 billion (about ₹21 lakh crore) by 2030 to cater to projected USD 500 billion electronics production, and it would be met largely by imports in absence of any measure from the government. The major portion of the scheme, ₹21,093 crore, is earmarked for sub-assemblies like camera module, multi-layered printed circuit board (PCB), flexible PCB, and passive components that are fixed on the PCB by machines. A total of ₹1,712 crore has been earmarked for making parts used in sub-assemblies and capital goods used in electronics manufacturing . The scheme classifies display module and camera module sub-assembly in category A, while category B products include bare components like non-surface mount devices (non-SMD), multi-layered printed circuit board, lithium-ion cells for digital applications, enclosures for mobile, IT hardware products and related devices. Category C includes components like flexible PCB, SMD passive components. Besides, components used in making items listed under A, B and C categories, as well as capital goods used in electronics manufacturing, have been clubbed under the D category. The government has opened the application window for A, B and C categories initially for three months starting May 1, and for two years for D category items.
Time of India
12 minutes ago
- Time of India
Dixon Technologies receives govt approval for JV with Chinese firm Longcheer
Dixon Technologies has received approval from the Indian government to form a joint venture (JV) with Chinese peer Longcheer , according to a regulatory filing. The JV will be formed between Dixon and Longcheer's Singapore-based subsidiary. "Dixon has received approval from MEITY to form a prospective joint venture (JV) in India with Longcheer, through an optimum structure to be mutually agreed between Dixon and Longcheer such that... 74 per cent of the total paid up share capital of the joint venture company is held by Dixon and 26 per held by Longcheer," the filing dated July 24 said. The JV will be called Dixtel Infocomm after closing of definitive agreements between the two companies. "Upon consummation of the transaction, Dixtel, the proposed joint venture company, shall carry on the business of manufacture and supply of smartphones/tablets, true wireless stereo, smart watch, AI PC, automotive electronics, healthcare devices, etc. Besides making products for companies like Vivo , Xiaomi, Oppo, Samsung etc, Longcheer also designs products. "This collaboration shall introduce several key advancements, particularly in Original Design Manufacturer (ODM) expertise and will facilitate the localisation of the non-semiconductor sub-component manufacturing in India," the filing said. Dixon has been reaching out to several Chinese companies for joint ventures. It has signed separate agreements with Chinese electronic component firms -- Chongqing Yuhai Precision Manufacturing Co Ltd and the Indian arm of Kunshan Q Technology -- for manufacturing and sales of electronic components used in electronic devices like mobile phones and laptops, among others. The company's JV with Chinese smart devices maker Vivo is also in the works.
