A brand new investigation has revealed that Microsoft relied on China-based engineers to supply technical help and bug fixes for SharePoint, the identical collaboration software program that was not too long ago exploited by Chinese language state-sponsored hackers in a large cyberattack affecting tons of of organizations, together with delicate U.S. authorities businesses.
Final month, Microsoft introduced that Chinese language hackers had efficiently exploited vulnerabilities in SharePoint to breach the pc techniques of quite a few firms and authorities businesses, together with the Nationwide Nuclear Safety Administration and the Division of Homeland Safety.
Nevertheless, what the corporate didn’t disclose in its announcement was that SharePoint help has been dealt with by a China-based engineering staff for years.
Based on inside Microsoft work-tracking system screenshots reviewed by ProPublica, China-based workers have been not too long ago fixing bugs for SharePoint “OnPrem” – the on-premises model of the software program that was focused in final month’s assaults.
This model refers to software program put in and operated on prospects’ personal computer systems and servers, making it notably weak to direct manipulation.
When confronted about this association, Microsoft defended its practices, stating that the China-based staff “is supervised by a US-based engineer and topic to all safety necessities and supervisor code assessment.”
The corporate additionally introduced that “work is already underway to shift this work to a different location,” although no particular timeline was offered.
Whereas it stays unclear whether or not Microsoft’s China-based workers performed any function within the SharePoint hack, cybersecurity specialists have persistently warned in regards to the vital safety dangers posed by permitting Chinese language personnel to carry out technical help and upkeep on U.S. authorities techniques.
The Broader Sample of Concern
This revelation is a component of a bigger sample that has emerged concerning Microsoft’s reliance on overseas staff. ProPublica’s investigation discovered that for over a decade, Microsoft has relied on overseas staff – together with these primarily based in China – to keep up the Protection Division’s cloud techniques.
The oversight of those overseas staff comes from U.S.-based personnel generally known as “digital escorts,” who usually lack the superior technical experience essential to successfully monitor their overseas counterparts.
The escort association was initially developed by Microsoft to fulfill Protection Division officers who have been involved about overseas workers and to fulfill necessities that folks dealing with delicate knowledge be U.S. residents or everlasting residents.
Regardless of these measures, the system has left extremely delicate info weak because of the technical ability hole between escorts and the overseas engineers they supervise.
The revelations have prompted vital authorities response. Protection Secretary Pete Hegseth launched a complete assessment of tech firms’ reliance on foreign-based engineers to help the division.
Moreover, Senators Tom Cotton (R-Arkansas) and Jeanne Shaheen (D-New Hampshire) have written a number of letters to Hegseth, citing ProPublica’s investigation and demanding extra detailed details about Microsoft’s China-based help operations.
In response to the mounting stress, Microsoft introduced it had halted its use of China-based engineers to help Protection Division cloud computing techniques and was contemplating implementing the identical change for different authorities cloud prospects.
The timing of those revelations is especially regarding given the scope of the latest SharePoint assault. Microsoft’s evaluation confirmed that Chinese language hackers started exploiting SharePoint weaknesses as early as July 7, 2025.
The corporate launched an preliminary patch on July 8, however hackers efficiently bypassed it, forcing Microsoft to concern a extra sturdy patch with enhanced protections.
The U.S. Cybersecurity and Infrastructure Safety Company warned that these vulnerabilities allow hackers to “totally entry SharePoint content material, together with file techniques and inside configurations, and execute code over the community.”
The assaults have additionally been used to unfold ransomware, which encrypts victims’ recordsdata and calls for cost for his or her launch.
Influence and Future Implications
Authorities businesses have reported various ranges of impression from the breach. The Division of Homeland Safety acknowledged there is no such thing as a proof that knowledge was taken from the company, whereas the Division of Power, which oversees the Nationwide Nuclear Safety Administration, described the impression as “minimal” with no delicate or labeled info compromised.
Wanting forward, Microsoft has introduced that starting subsequent July, it’ll now not help on-premises variations of SharePoint, urging prospects emigrate to the web model.
This transition aligns with Microsoft’s broader enterprise technique of selling subscription-based providers and its Azure cloud computing platform, which has considerably contributed to the corporate’s latest valuation milestone of turning into the second firm in historical past to exceed $4 trillion in market worth.
This investigation raises basic questions in regards to the safety protocols surrounding essential software program infrastructure and the potential dangers of worldwide staffing preparations in an more and more complicated cybersecurity panorama.
Discover this Story Fascinating! Observe us on LinkedIn and X to Get Extra Prompt Updates.
