Microsoft recently announced that Chinese state-sponsored hackers exploited vulnerabilities in its SharePoint software, impacting hundreds of companies and government agencies. However, the announcement did not disclose that a China-based engineering team has been responsible for SharePoint's maintenance for years. Screenshots from Microsoft's internal systems show these China-based employees fixing bugs for the affected "on premises" version of SharePoint. While it's unclear if these employees were involved in the hack, experts warn that allowing China-based personnel to support U.S. government systems poses significant security risks due to Chinese laws that enable data collection. This follows a previous ProPublica report revealing Microsoft's decade-long reliance on foreign workers, including those in China, to maintain U.S. Defense Department cloud systems without adequate oversight. Microsoft stated that the China-based team is supervised by a U.S.-based engineer and that work is underway to relocate these responsibilities. In response to reporting, Microsoft halted the use of China-based engineers for Defense Department cloud systems and is considering similar changes for other government clients. This situation has prompted a review by the Defense Secretary and calls for more information from U.S. Senators. The SharePoint vulnerabilities allowed hackers to access content, execute code, and spread ransomware, although no sensitive data has been confirmed as compromised for the affected agencies. Microsoft is transitioning customers to its online version of SharePoint, which aligns with its profitable cloud computing business strategy.
www.propublica.org