WASHINGTON D.C. – Last month, Microsoft revealed that Chinese state-sponsored hackers had exploited vulnerabilities in its SharePoint software, gaining access to hundreds of companies and government agencies.
The breach specifically targeted the National Nuclear Security Administration and the Department of Homeland Security, raising alarms about the security of sensitive U.S. government systems.
What Microsoft didn’t initially disclose is that its China-based engineering team has been responsible for maintaining SharePoint for years. Internal work-tracking systems, viewed in screenshots, showed China-based employees actively fixing bugs for the “OnPrem” version of SharePoint, the very software implicated in the attacks. This version is installed and run on customer-owned computers and servers.
Microsoft stated that this team operates under the supervision of a U.S.-based engineer and adheres to all security requirements, including manager code review. The company also indicated that it is in the process of relocating this work.
Why does this matter? Experts warn that allowing personnel in China to support U.S. government systems poses significant security risks. Chinese law grants broad authority for data collection, making it tough for citizens or companies to refuse requests from security forces.
The Office of the Director of National Intelligence has identified China as the “most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.”
This situation echoes previous findings. A report last month revealed that Microsoft had relied on foreign workers, including those in China, for a decade to maintain the Defense Department’s cloud systems. Oversight was provided by U.S.-based “digital escorts,” but they often lacked the technical expertise to adequately monitor their highly skilled foreign counterparts, potentially leaving sensitive information vulnerable.
Microsoft developed the “digital escort” arrangement to address concerns from Defense Department officials about foreign employees and to meet requirements for U.S. citizens or permanent residents handling sensitive data. This strategy has helped Microsoft secure federal cloud computing contracts, contributing “substantial revenue from government contracts,” according to the company’s earnings reports. It was also found that Microsoft uses its China-based engineers for cloud systems in other federal departments, including Justice, Treasury, and Commerce.
In response to this reporting, Microsoft announced it has halted the use of China-based engineers for Defense Department cloud systems and is considering similar changes for other government clients. Defense Secretary Pete Hegseth has launched a review of tech companies’ reliance on foreign engineers. Senators Tom Cotton and Jeanne Shaheen have also written to Hegseth, citing the investigation and demanding more information about Microsoft’s China-based support.
Microsoft’s analysis indicates that Chinese hackers began exploiting SharePoint vulnerabilities as early as July 7. The company released a patch on July 8, but it was bypassed. A subsequent patch with “more robust protections” was issued.
The U.S. Cybersecurity and Infrastructure Security Agency stated that these vulnerabilities allow hackers “to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.” Hackers have also used this access to deploy ransomware.
A spokesperson for the Department of Homeland Security reported no evidence of data exfiltration. Similarly, a spokesperson for the Department of Energy, which oversees the National Nuclear Security Administration, stated the agency was “minimally impacted.”
“At this time, we know of no sensitive or classified information that was compromised,” said Ben Dietderich, a department spokesperson.
Microsoft plans to end support for on-premises versions of SharePoint next July, encouraging customers to migrate to the online version. This shift is driven by revenue, as the online service involves ongoing subscriptions and use of Microsoft’s Azure cloud platform. Azure’s growth has significantly boosted Microsoft’s stock, with the company recently becoming the second in history to surpass a $4 trillion valuation.
