Business

Microsoft Used China-Based Engineers To Support Product Recently Hacked By China

Image Courtesy Of Sam Torres On Unsplash

Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in its popular SharePoint software but didn’t mention that it has long used China-based engineers to maintain the product.

This article was written by Renee Dudley and originally published by ProPublica.

Last month, Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in SharePoint, the company’s widely used collaboration software, to access the computer systems of hundreds of companies and government agencies, including the National Nuclear Security Administration and the Department of Homeland Security.

The company did not include in its announcement, however, that support for SharePoint is handled by a China-based engineering team that has been responsible for maintaining the software for years.

ProPublica viewed screenshots of Microsoft’s internal work-tracking system that showed China-based employees recently fixing bugs for SharePoint “OnPrem,” the version of the software involved in last month’s attacks. The term, short for “on premises,” refers to software installed and run on customers’ own computers and servers.

Microsoft said the China-based team “is supervised by a US-based engineer and subject to all security requirements and manager code review. Work is already underway to shift this work to another location.”

It’s unclear if Microsoft’s China-based staff had any role in the SharePoint hack. But experts have said allowing China-based personnel to perform technical support and maintenance on U.S. government systems can pose major security risks. Laws in China grant the country’s officials broad authority to collect data, and experts say it is difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement. The Office of the Director of National Intelligence has deemed China the “most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.”

ProPublica revealed in a story published last month that Microsoft has for a decade relied on foreign workers — including those based in China — to maintain the Defense Department’s cloud systems, with oversight coming from U.S.-based personnel known as digital escorts. But those escorts often don’t have the advanced technical expertise to police foreign counterparts with far more advanced skills, leaving highly sensitive information vulnerable, the investigation showed.

ProPublica found that Microsoft developed the escort arrangement to satisfy Defense Department officials who were concerned about the company’s foreign employees, and to meet the department’s requirement that people handling sensitive data be U.S. citizens or permanent residents. Microsoft went on to win federal cloud computing business and has said in earnings reports that it receives “substantial revenue from government contracts.” ProPublica also found that Microsoft uses its China-based engineers to maintain the cloud systems of other federal departments, including parts of Justice, Treasury and Commerce.

In response to the reporting, Microsoft said that it had halted its use of China-based engineers to support Defense Department cloud computing systems, and that it was considering the same change for other government cloud customers. Additionally, Defense Secretary Pete Hegseth launched a review of tech companies’ reliance on foreign-based engineers to support the department. Sens. Tom Cotton, an Arkansas Republican, and Jeanne Shaheen, a New Hampshire Democrat, have written letters to Hegseth, citing ProPublica’s investigation, to demand more information about Microsoft’s China-based support.

Microsoft said its analysis showed that Chinese hackers were exploiting SharePoint weaknesses as early as July 7. The company released a patch on July 8, but hackers were able to bypass it. Microsoft subsequently issued a new patch with “more robust protections.”

The U.S. Cybersecurity and Infrastructure Security Agency said that the vulnerabilities enable hackers “to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.” Hackers have also leveraged their access to spread ransomware, which encrypts victims’ files and demands a payment for their release, CISA said.

A DHS spokesperson said there is no evidence that data was taken from the agency. A spokesperson for the Department of Energy, which includes the National Nuclear Security Administration, said in a statement the agency was “minimally impacted.”

“At this time, we know of no sensitive or classified information that was compromised,” the spokesperson, Ben Dietderich said.

Microsoft has said that, beginning next July, it will no longer support on-premises versions of SharePoint. It has urged customers to switch to the online version of the product, which generates more revenue because it involves an ongoing software subscription as well as usage of Microsoft’s Azure cloud computing platform. The strength of the Azure cloud computing business has propelled Microsoft’s share price in recent years. On Thursday, it became the second company in history to be valued at more than $4 trillion.

U Cast Studios

Next Americans Are Eating (Slightly) Less Ultra-Processed Foods »

Previous « Never-Before-Seen Photos Inside Jeffrey Epstein's Creepy Mansion

10 months ago

How Out-Of-Work Fisherman Saved The American Revolution

George Washington knew his forces could not win the American Revolutionary War without some measure… Read More

1 day ago

Lifestyle

The Cost Of The Grain That Feeds Half The World Just Posted Biggest Monthly Surge Since 2008

Asian rice prices logged their biggest monthly gain in nearly two decades in May, as… Read More

1 day ago

I Read It On The Internet

AI Can Chart A Course To Disaster Faster Than Humans Can Notice

Earlier this year, researchers at King’s College London gave three commercial AI models—GPT-5.2, Claude Sonnet 4,… Read More

2 days ago

Lifestyle

How Sleep And Dementia May Be Linked

A new article digs into how sleep, the brain’s process for clearing waste, and dementia… Read More

5 days ago

Business

Data Centers Now Consume 6% Of US Electricity—And The Backlash Has Begun

Strong opposition kicks in when data center demand surpasses 5% of a country's power supply.… Read More

6 days ago

Business

Oklo COO Says Nuclear Waste Could Power America For 150 Years

Earlier this week, we covered Oklo’s approval by Chris Wright’s DOE to convert plutonium previously set for… Read More