‘Chinese engineers’ …, the ‘important angle’ Microsoft reportedly missed while revealing SharePoint hack


Microsoft announced last month that Chinese state-sponsored hackers exploited vulnerabilities in its SharePoint collaboration software to breach hundreds of companies and government agencies, including the National Nuclear Security Administration and Department of Homeland Security. However, the tech giant omitted a crucial detail: China-based engineers have been maintaining the very software that was compromised, as reported by ProPublica.

According to screenshots viewed by ProPublica, Microsoft’s internal work-tracking system showed China-based employees recently fixing bugs for SharePoint “OnPrem” — the exact version targeted in the cyberattacks. The revelation raises serious questions about potential security risks when foreign personnel maintain critical US government systems.

Microsoft’s China team has ‘years’ of SharePoint access

ProPublica’s investigation revealed that Microsoft’s China-based engineering team has been responsible for maintaining SharePoint software for years, supervised by a US-based engineer. The company stated that work is “already underway to shift this work to another location” following the security breach.

The timing proves particularly concerning given that Microsoft’s analysis showed Chinese hackers were exploiting SharePoint weaknesses as early as July 7. Despite Microsoft releasing a patch on July 8, hackers successfully bypassed the initial fix, forcing the company to issue additional “more robust protections.”

Government systems potentially exposed to foreign oversight

Cybersecurity experts warn that allowing China-based personnel to perform technical support on US government systems creates major security vulnerabilities. Chinese laws grant officials broad authority to collect data, making it difficult for citizens or companies to resist direct requests from security forces.

The Office of the Director of National Intelligence has identified China as the “most active and persistent cyber threat” to US government and critical infrastructure networks. The US Cybersecurity and Infrastructure Security Agency confirmed that the SharePoint vulnerabilities enable hackers to “fully access SharePoint content” and execute malicious code.

This latest revelation follows ProPublica’s previous reporting that Microsoft has relied on foreign workers, including China-based engineers, to maintain Defense Department cloud systems for over a decade. In response, Defense Secretary Pete Hegseth launched a review of tech companies’ use of foreign-based engineers, while senators from both parties have demanded more information about Microsoft’s practices.


