A new investigation has revealed that Microsoft relied on China-based engineers to provide technical support and bug fixes for SharePoint, the same collaboration software that was recently exploited by Chinese state-sponsored hackers in a large cyberattack affecting hundreds of organizations, including sensitive U.S. government agencies.
Last month, Microsoft announced that Chinese hackers had successfully exploited vulnerabilities in SharePoint to breach the computer systems of numerous companies and government agencies, including the National Nuclear Security Administration and the Department of Homeland Security.
However, what the company did not disclose in its announcement was that SharePoint support has been handled by a China-based engineering team for years.
According to internal Microsoft work-tracking system screenshots reviewed by ProPublica, China-based employees had recently been fixing bugs for SharePoint “OnPrem” – the on-premises version of the software that was targeted in last month’s attacks.
This version refers to software installed and operated on customers’ own computers and servers, making it particularly vulnerable to direct manipulation.
When confronted about this arrangement, Microsoft defended its practices, stating that the China-based team “is supervised by a US-based engineer and subject to all security requirements and supervisor code review.”
The company also announced that “work is already underway to shift this work to another location,” though no specific timeline was provided.
While it remains unclear whether Microsoft’s China-based employees played any role in the SharePoint hack, cybersecurity experts have consistently warned about the significant security risks posed by allowing Chinese personnel to perform technical support and maintenance on U.S. government systems.
The Broader Pattern of Concern
This revelation is part of a larger pattern that has emerged regarding Microsoft’s reliance on foreign workers. ProPublica’s investigation found that for over a decade, Microsoft has relied on foreign workers – including those based in China – to maintain the Defense Department’s cloud systems.
The oversight of these foreign workers comes from U.S.-based personnel known as “digital escorts,” who often lack the advanced technical expertise necessary to effectively monitor their foreign counterparts.
The escort arrangement was initially developed by Microsoft to satisfy Defense Department officials who were concerned about foreign employees and to meet requirements that people handling sensitive data be U.S. citizens or permanent residents.
Despite these measures, the system has left highly sensitive information vulnerable because of the technical skill gap between escorts and the foreign engineers they supervise.
The revelations have prompted a significant government response. Defense Secretary Pete Hegseth launched a comprehensive review of tech companies’ reliance on foreign-based engineers to support the department.
Additionally, Senators Tom Cotton (R-Arkansas) and Jeanne Shaheen (D-New Hampshire) have written several letters to Hegseth, citing ProPublica’s investigation and demanding more detailed information about Microsoft’s China-based support operations.
In response to the mounting pressure, Microsoft announced it had halted its use of China-based engineers to support Defense Department cloud computing systems and was considering implementing the same change for other government cloud customers.
The timing of these revelations is particularly concerning given the scope of the recent SharePoint attack. Microsoft’s analysis showed that Chinese hackers began exploiting SharePoint weaknesses as early as July 7, 2025.
The company released an initial patch on July 8, but hackers successfully bypassed it, forcing Microsoft to issue a more robust patch with enhanced protections.
The U.S. Cybersecurity and Infrastructure Security Agency warned that these vulnerabilities enable hackers to “fully access SharePoint content, including file systems and internal configurations, and execute code over the network.”
The attacks have also been used to spread ransomware, which encrypts victims’ data and demands payment for its release.
Impact and Future Implications
Government agencies have reported varying levels of impact from the breach. The Department of Homeland Security said there is no evidence that data was taken from the agency, while the Department of Energy, which oversees the National Nuclear Security Administration, described the impact as “minimal” with no sensitive or classified information compromised.
Looking ahead, Microsoft has announced that beginning next July, it will no longer support on-premises versions of SharePoint, urging customers to migrate to the online version.
This transition aligns with Microsoft’s broader business strategy of promoting subscription-based services and its Azure cloud computing platform, which has significantly contributed to the company’s recent valuation milestone of becoming the second company in history to exceed $4 trillion in market value.
This investigation raises fundamental questions about the security protocols surrounding critical software infrastructure and the potential risks of international staffing arrangements in an increasingly complex cybersecurity landscape.