'Chinese engineers' ..., the 'important angle' Microsoft reportedly missed while revealing SharePoint hack
announced last month that Chinese state-sponsored hackers exploited vulnerabilities in its
SharePoint
collaboration software to breach hundreds of companies and government agencies, including the National Nuclear Security Administration and Department of Homeland Security. However, the tech giant omitted a crucial detail: China-based engineers have been maintaining the very software that was compromised, as reported by ProPublica.
According to screenshots viewed by ProPublica, Microsoft's internal work-tracking system showed China-based employees recently fixing bugs for SharePoint "OnPrem" — the exact version targeted in the cyberattacks. The revelation raises serious questions about potential security risks when foreign personnel maintain critical US government systems.
Microsoft's China team has 'years' of SharePoint access
ProPublica's investigation revealed that Microsoft's China-based engineering team has been responsible for maintaining SharePoint software for years, supervised by a US-based engineer. The company stated that work is "already underway to shift this work to another location" following the security breach.
The timing proves particularly concerning given that Microsoft's analysis showed
Chinese hackers
were exploiting SharePoint weaknesses as early as July 7. Despite Microsoft releasing a patch on July 8, hackers successfully bypassed the initial fix, forcing the company to issue additional "more robust protections."
Government systems potentially exposed to foreign oversight
Cybersecurity experts warn that allowing China-based personnel to perform technical support on US government systems creates major security vulnerabilities. Chinese laws grant officials broad authority to collect data, making it difficult for citizens or companies to resist direct requests from security forces.
The Office of the Director of National Intelligence has identified China as the "most active and persistent cyber threat" to US government and critical infrastructure networks. The US Cybersecurity and Infrastructure Security Agency confirmed that the SharePoint vulnerabilities enable hackers to "fully access SharePoint content" and execute malicious code.
This latest revelation follows ProPublica's previous reporting that Microsoft has relied on foreign workers, including China-based engineers, to maintain Defense Department cloud systems for over a decade. In response, Defense Secretary Pete Hegseth launched a review of tech companies' use of foreign-based engineers, while senators from both parties have demanded more information about Microsoft's practices.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hans India
2 minutes ago
- Hans India
PM to visit China for SCO Summit
New Delhi: Prime Minister Narendra Modi will visit China to attend the regional summit SCO (Shanghai Cooperation Organisation) in Tianjin city from August 31 to September 1 - signalling another step towards normalising ties between the two nations that had frayed after the Galwan clash of 2020. Modi's last visit to China was in 2019. But he had met Chinese President Xi Jinping on the sidelines of the BRICS Summit in Kazan in October 2024. The visit comes amid the imposition of stiff tariffs from US president Donald Trump and increasing pressure on India regarding oil purchase from Russia. There is expectation that under the circumstances, India's recalibration of ties with China is expected to act as a balancing factor for the US. India's participation would also be in the backdrop of Chinese support for Pakistan and the shadow of Pahalgam attack. In June, Defence Minister Rajnath Singh had refused to sign a joint statement at a defence minister's meet under SCO because it skipped any mention of the April 22 Pahalgam terror attack that claimed 26 lives and instead, mentioned Balochistan, tacitly accusing India of creating unrest there. Pahalgam's exclusion from the document appeared to have been done at the behest of Pakistan. The next month, though, China issued a strong statement against terror as the US designated The Resistance Front, a proxy of Pakistan-based Lashkar-e-Taiba, as a foreign terrorist organisation for its involvement in the Pahalgam attack. "China firmly opposes all forms of terrorism and strongly condemns the terrorist attack that occurred on April 22... China calls on regional countries to enhance counterterrorism cooperation and jointly maintain regional security and stability," said Foreign Ministry spokesperson Lin Jian. This time at the SCO, discussions with 10 member countries is expected to cover terrorism and regional security along with trade. Efforts will be made to restore stability and dialogue in India-China relations. There is a possibility that PM Modi will have bilateral meetings with Russian President Putin and Chinese President Xi Jinping on the sidelines of the summit. In October 2024, PM Modi and Xi Jinping had met at the BRICS summit in Kazan. Following that, efforts to reduce border tensions between the two countries had gained momentum and the resumption of the Kailash-Mansarovar yatra had helped normalise ties to a great extent. Established in 2001, SCO aims to promote regional stability through cooperation. The bloc currently has 10 member states -- Belarus, China, India, Iran, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan and Uzbekistan.
The Hindu
2 minutes ago
- The Hindu
OpenAI's long-awaited GPT-5 model nears release
OpenAI's GPT-5, the latest installment of the AI technology that powered the ChatGPT juggernaut in 2022, is set for an imminent release, and users will scrutinise if the step up from GPT-4 is on par with the research lab's previous improvements. Two early testers of the new model told Reuters they have been impressed with its ability to code and solve science and math problems, but they believe the leap from GPT-4 to GPT-5 is not as large as the one from GPT-3 to GPT-4. The testers, who have signed non-disclosure agreements, declined to be named for this story. OpenAI declined to comment for this story. GPT-4's leap was based on more compute power and data, and the company was hoping that 'scaling up' in a similar way would consistently lead to improved AI models. But OpenAI, which is backed by Microsoft and is currently valued at $300 billion, ran into issues scaling up. One problem was the data wall the company ran into, and OpenAI's former chief scientist Ilya Sutskever said last year that while processing power was growing, the amount of data was not. He was referring to the fact that large language models are trained on massive datasets that scrape the entire internet, and AI labs have no other options for large troves of human-generated textual data. Apart from the lack of data, another problem was that 'training runs' for large models are more likely to have hardware-induced failures given how complicated the system is, and researchers may not know the eventual performance of the models until the end of the run, which can take months. OpenAI has not said when GPT-5 will be released, but the industry expects it to be any day now, according to media reports. Boris Power, head of Applied Research at OpenAI, said in an X post on Monday: "Excited to see how the public receives GPT-5." 'OpenAI made such a great leap from GPT-3 to GPT-4, that ever since then, there has been an enormous amount of anticipation over GPT-5,' said Navin Chaddha, managing partner at venture capital fund Mayfield, who invests in AI companies but is not an OpenAI investor. 'The hope is that GPT-5 will unlock AI applications that move beyond chat into fully autonomous task execution." Nearly three years ago, ChatGPT introduced the world to generative AI, dazzling users with its ability to write humanlike prose and poetry, quickly becoming one of the fastest growing apps ever. In March 2023, OpenAI followed up ChatGPT with the release of GPT-4, a large language model that made huge leaps forward in intelligence. While GPT-3.5, an earlier version of the model, received a bar exam score in the bottom 10%, GPT-4 passed the simulated bar exam in the top 10%. GPT-4 then became the model to beat and the world came to terms with the fact that AI models could outperform humans in many tasks. Soon, other companies were catching on. The same year, Alphabet's Google and Anthropic, which is backed by Amazon and Google, released competitive models to GPT-4. Within a year, open-source models on par with GPT-4 such as Meta Platforms' Llama 3 models were released. Along with training large models, OpenAI has now invested in another route, called 'test-time compute,' which channels more processing power to solve challenging tasks such as math or complex operations that demand human-like reasoning and decision-making. The company's CEO Sam Altman said earlier this year that GPT-5 would combine both test-time compute and its large models. He also said that OpenAI's model and product offerings had become "complicated."
Mint
2 minutes ago
- Mint
Indian space startups have run into a talent hurdle
New Delhi: India's private space startups are finding it hard to get top-notch talent as there aren't enough graduates trained in niche topics and specialized skills. And even the small number of candidates available prefer companies overseas because of low salaries back home. While companies are increasing their average pay and also training employees, niche talent in rocketry, propulsion technologies, photonics and sensors—the differentiating factors among space startups—is in short supply, according to founders, analysts and industry observers that Mint spoke with. Around 175 institutions in India offer undergraduate degrees in aerospace engineering, while 75 offer postgraduate courses, according toMint's analysis of five educational services platforms. Around 8,000 aerospace engineers graduated last year, accounting for just 0.5% of the 1.5 million engineers who pass out of Indian colleges annually. That includes the Indian Institute of Space Science and Technology (IIST), which is affiliated with the Union government's Department of Space. Chicken and egg situation But it's more like a chicken-and-egg situation: while there are few qualified candidates, the salaries also aren't good enough to encourage students to select such courses. While none of the startups disclosed their salary offers, citing confidentiality and competition, Mint found that freshers, working on low-value software engineering or satellite assembly projects, are offered packages as low as ₹3 million a year, and those with two-three years of experience get up to ₹6 million per annum. Such roles, however, are in tens and not even hundreds across India's 200-odd space startups. Companies say finding the right engineer is rare, while candidates blame a lack of jobs. 'About 30% of our hires are freshers directly out of colleges, but we recruit the rest from various industries such as automobiles," said Pawan Kumar Chandana, cofounder and chief executive of Hyderabad-headquartered Skyroot Aerospace. 'For most engineers that we hire, we've set up skilling and training programmes, and it takes about six months to a year for them to get ready to work on various projects." According to Anirudh Sharma, cofounder and chief executive of Bengaluru-based Digantara Research and Technologies, India doesn't have enough formal university courses or research programmes in skills such as photonics and optical engineering. 'For instance, National Institute of Technology, Warangal (in Telangana) ran about five batches and produced some of the best optical communications engineers in the country—but they are a finite pool, out of which some are employed across industries and others have moved abroad," he said. In most cases, startups like Bengaluru-based Bellatrix Aerospace hire from other engineering streams. 'For instance, we take recruits with chemical and metallurgical engineering backgrounds and train them to work on our proprietary rocket propulsion technology," said Yashas Karanam, co-founder and chief operating officer. Not many courses Specialized space courses are also rare. Towards the end of 2023, Pawan Goenka, chairman of government-affiliated Indian National Space Promotion and Authorization Centre (In-Space), had said that the agency is working with the All India Council for Technical Education (AICTE) to introduce space curricula in engineering institutes. On 28 July, In-Space announced the introduction of a short-term skill development course for 'space technology in agriculture" with Amity University, Noida. However, it is only a certificate course and does not offer the kind of deep dive that would produce the niche skills that Chandana, Sharma and Karanam are looking for. Fewer jobs Industry stakeholders said the lack of adequate talent is also due to fewer job opportunities. The Indian space industry at the moment is 'not offering opportunities that go beyond the existing roles at the Indian Space Research Organisation (Isro)", said Narayan Prasad Nagendra, chief operating officer of Netherlands-based space services marketplace SatSearch. 'Since a mass exodus to the IT (information technology) sector in the 1990s, Isro has steadied the ship—and now sees engineers sticking with it for a decade or more. In my conversations, engineers who gather such levels of experience only look for career opportunities outside in Europe or Japan," said Nagendra. 'Indian space firms are yet to offer perks and salaries that go beyond what Isro or private global firms do, which leads to top talent leaving the country beyond a point." According to Chaitanya Giri, a space fellow at the global think tank Observer Research Foundation, it is still early since the privatization of the space sector only took place three years ago. Giri said the sector will never see demand in thousands or millions, but only hundreds, and that too for core products and niche applications. 'Getting talent from other industries is only a stop-gap solution because automobiles and other core sectors can always have more room for growth," he said. 'What is needed now are niche specialization courses at top universities, and generous research budgets," Guri said. 'Until that happens, India's space industry will remain starved of the kind of talent that helped the US build the global majors we know today."
