The breach, affecting hundreds of U.S. companies and government agencies including the Department of Homeland Security (DHS) and the National Nuclear Security Administration (NNSA) underscores rising concerns about foreign involvement in critical American digital infrastructure.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the vulnerabilities in SharePoint allowed attackers to “fully access SharePoint content, including file systems and internal configurations, and remotely execute code.”
The intruders further weaponized this access to deploy ransomware, encrypting files and demanding payment from victims.
Microsoft said the flaws were exploited as early as July 7. A patch was issued the next day, but proved insufficient, and hackers bypassed it.
A second update followed with stronger protections. DHS reported no confirmed data exfiltration, and the Department of Energy said its impact was “minimal.” However, the incident highlighted the risks posed when hackers gain administrative-level access to widely used collaboration systems.
What Microsoft did not disclose in its initial announcement was its reliance on a China-based engineering team to maintain the “SharePoint OnPrem” systems the on‑premises version directly targeted in the attacks.
Screenshots of Microsoft’s internal task‑tracking system reviewed by ProPublica showed Chinese engineers making bug fixes on this very platform.
Microsoft confirmed the team’s involvement but stated that its work was closely supervised by a U.S.-based engineer, with every code change reviewed and aligned with security standards. The company stressed that work was already being shifted out of China.
Yet, cybersecurity professionals warn that Chinese laws grant state agencies sweeping powers to demand cooperation from private companies and individuals, raising fears that Beijing could exploit offshore staffing for intelligence collection.
The controversy follows earlier reporting that Microsoft utilized overseas engineers, including those in China, to manage Department of Defense cloud systems, with oversight provided by U.S. staff known as “digital escorts.”
Critics argue these escorts often lacked the technical expertise to monitor their foreign colleagues, leaving sensitive systems vulnerable fully.
In response to mounting pressure, Microsoft announced it has ended use of China-based engineers to support Pentagon systems and is “evaluating” removing them from other government projects.
Defense Secretary Pete Hegseth has ordered a department-wide review of contractor reliance on foreign engineers, while members of Congress have pressed for greater transparency.
Looking ahead, Microsoft has confirmed it will discontinue support for on‑premises SharePoint in July 2026, urging customers to migrate to its subscription-based cloud service, Azure — a business that has fueled the company’s $4 trillion market valuation.
Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates
The post New Report Alleges Microsoft Turned to China for SharePoint Bug Fixing and Support appeared first on Cyber Security News.
The original AirTags are still great value, especially now they’re over half off. | Photo…
The girl group is coming back. Get ready to get even more K-pop, demonier, and…
If you're in the process of building a new gaming PC, the AMD Ryzen 7…
Fortnite fans are in uproar over Epic Games' changes to the pricing and availability of…
Best Buy is offering an outstanding deal on a slim and lightweight laptop that still…
Facebook Marketplace is adding a bunch of new AI-powered tools that are supposed to make…
This website uses cookies.