Microsoft Used China-Based Engineers to Support Product Recently Hacked by China
3 minute readPublished: Friday, August 1, 2025 at 7:15 pm
Microsoft's China-Based Engineers Raise Security Concerns After SharePoint Hack
Microsoft is facing scrutiny following a recent cyberattack on its SharePoint software, which impacted hundreds of companies and government agencies. The company announced last month that Chinese state-sponsored hackers exploited vulnerabilities in SharePoint, a widely used collaboration tool, to access computer systems. However, Microsoft did not initially disclose that a China-based engineering team, responsible for maintaining the software for years, handles support for SharePoint.
Internal documents viewed by ProPublica revealed that China-based employees were recently fixing bugs for SharePoint OnPrem, the version of the software targeted in the attacks. While Microsoft maintains that the China-based team is supervised by a US-based engineer and subject to security protocols, experts have raised concerns about the potential security risks. They highlight that Chinese laws grant officials broad authority to collect data, making it difficult for Chinese citizens or companies to resist requests from security forces.
The Office of the Director of National Intelligence has identified China as the most active cyber threat to U.S. government and private-sector networks. This isn't the first time Microsoft has relied on foreign workers for sensitive systems. ProPublica previously reported that Microsoft has used foreign workers, including those based in China, to maintain the Defense Department's cloud systems for a decade, with oversight from U.S.-based personnel. However, these "digital escorts" often lack the technical expertise to adequately monitor their foreign counterparts, potentially leaving sensitive information vulnerable.
In response to the recent revelations, Microsoft has halted the use of China-based engineers to support Defense Department cloud computing systems and is considering similar changes for other government cloud customers. The Defense Secretary has initiated a review of tech companies' reliance on foreign-based engineers. Furthermore, Senators Tom Cotton and Jeanne Shaheen have requested more information from Microsoft.
Microsoft's analysis indicates that Chinese hackers exploited SharePoint weaknesses as early as July 7, with a patch released on July 8 that was subsequently bypassed. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerabilities allowed hackers full access to SharePoint content and the ability to execute code. Hackers have also used their access to spread ransomware. While the Department of Homeland Security (DHS) and the Department of Energy, including the National Nuclear Security Administration, have stated there is no evidence of data compromise, the situation remains under investigation. Microsoft plans to end support for on-premises versions of SharePoint next July, encouraging customers to switch to the online version.
BNN's Perspective:
The situation highlights the complex challenges of balancing cybersecurity with global operations. While Microsoft's actions are understandable from a business perspective, the potential risks associated with relying on foreign-based engineers for sensitive government systems are significant. The government's response, including the review by the Defense Secretary and inquiries from Congress, is a necessary step to ensure national security. Moving forward, a careful balance must be struck between utilizing global talent and safeguarding critical infrastructure from potential threats.
Keywords: Microsoft, SharePoint, China, Cybersecurity, Hack, Security, Government, Vulnerability, Cyberattack, Defense Department, Cloud Computing, Engineers, Data Breach, Ransomware, CISA, National Security, Foreign Workers.