A new investigation has revealed that Microsoft relied on China-based engineers to provide technical support and bug fixes for SharePoint, the same collaboration software that was recently exploited by Chinese state-sponsored hackers in a large cyberattack affecting hundreds of organizations, including sensitive U.S. government agencies.
Last month, Microsoft announced that Chinese hackers had successfully exploited vulnerabilities in SharePoint to breach the computer systems of numerous companies and government agencies, including the National Nuclear Security Administration and the Department of Homeland Security.
However, what the company did not disclose in its announcement was that SharePoint support has been handled by a China-based engineering team for years.
According to internal Microsoft work-tracking system screenshots reviewed by ProPublica, China-based employees were recently fixing bugs for SharePoint “OnPrem” – the on-premises version of the software that was targeted in last month’s attacks.
This version refers to software installed and operated on customers’ own computers and servers, making it particularly vulnerable to direct manipulation.
When confronted about this arrangement, Microsoft defended its practices, stating that the China-based team “is supervised by a US-based engineer and subject to all security requirements and supervisor code review.”
The company also announced that “work is already underway to shift this work to a different location,” though no specific timeline was provided.
While it remains unclear whether Microsoft’s China-based staff played any role in the SharePoint hack, cybersecurity experts have consistently warned about the significant security risks posed by allowing Chinese personnel to perform technical support and maintenance on U.S. government systems.
The Broader Pattern of Concern
This revelation is part of a larger pattern that has emerged regarding Microsoft’s reliance on foreign workers. ProPublica’s investigation found that for over a decade, Microsoft has depended on foreign workers – including those based in China – to maintain the Defense Department’s cloud systems.
The oversight of these foreign workers comes from U.S.-based personnel known as “digital escorts,” who usually lack the advanced technical expertise necessary to effectively monitor their foreign counterparts.
The escort arrangement was originally developed by Microsoft to satisfy Defense Department officials who were concerned about foreign employees and to meet requirements that people handling sensitive data be U.S. citizens or permanent residents.
Despite these measures, the system has left highly sensitive information vulnerable because of the technical skill gap between escorts and the foreign engineers they supervise.
The revelations have prompted a significant government response. Defense Secretary Pete Hegseth launched a comprehensive review of tech companies’ reliance on foreign-based engineers to support the department.
Additionally, Senators Tom Cotton (R-Arkansas) and Jeanne Shaheen (D-New Hampshire) have written a number of letters to Hegseth, citing ProPublica’s investigation and demanding more detailed information about Microsoft’s China-based support operations.
In response to the mounting pressure, Microsoft announced it had halted its use of China-based engineers to support Defense Department cloud computing systems and was considering implementing the same change for other government cloud customers.
The timing of these revelations is particularly concerning given the scope of the recent SharePoint attack. Microsoft’s analysis showed that Chinese hackers began exploiting SharePoint weaknesses as early as July 7, 2025.
The company released an initial patch on July 8, but hackers successfully bypassed it, forcing Microsoft to issue a more robust patch with enhanced protections.
The U.S. Cybersecurity and Infrastructure Security Agency warned that these vulnerabilities enable hackers to “fully access SharePoint content, including file systems and internal configurations, and execute code over the network.”
The attacks have also been used to spread ransomware, which encrypts victims’ files and demands payment for their release.
Impact and Future Implications
Government agencies have reported varying levels of impact from the breach. The Department of Homeland Security said there is no evidence that data was taken from the agency, while the Department of Energy, which oversees the National Nuclear Security Administration, described the impact as “minimal” with no sensitive or classified information compromised.
Looking ahead, Microsoft has announced that beginning next July, it will no longer support on-premises versions of SharePoint, urging customers to migrate to the online version.
This transition aligns with Microsoft’s broader business strategy of promoting subscription-based services and its Azure cloud computing platform, which has significantly contributed to the company’s recent valuation milestone of becoming the second company in history to exceed $4 trillion in market value.
This investigation raises fundamental questions about the security protocols surrounding critical software infrastructure and the potential risks of international staffing arrangements in an increasingly complex cybersecurity landscape.