Ethical Hacking News
ProPublica reveals how Microsoft used China-based engineers to support its popular SharePoint software, potentially exposing sensitive data to Chinese hackers. The company has since announced plans to stop supporting on-premises versions of the product and is urging customers to switch to the online version, citing cybersecurity concerns.
Microsoft's collaboration software, SharePoint, was exploited by Chinese hackers due to vulnerabilities. The company had used China-based engineers to maintain the product, raising concerns about espionage and data breaches. Microsoft has halted its use of China-based engineers for Defense Department cloud computing systems and is considering the change for other government customers. The company will no longer support on-premises versions of SharePoint and urges customers to switch to the online version. The situation highlights concerns about the complex relationships between technology companies and government agencies, particularly regarding sensitive data and cybersecurity risks.
Microsoft's recent announcement that Chinese state-sponsored hackers had exploited vulnerabilities in its popular collaboration software, SharePoint, has sparked concerns about the company's support for Chinese engineers and the potential risks it poses to sensitive U.S. government systems. While Microsoft initially did not mention that it has long used China-based engineers to maintain the product, ProPublica has uncovered internal work-tracking system screenshots that show China-based employees recently fixing bugs for SharePoint "OnPrem," the version of the software involved in last month's attacks.
The term, short for "on premises," refers to software installed and run on customers' own computers and servers. Microsoft said that the China-based team "is supervised by a US-based engineer and subject to all security requirements and manager code review." However, experts have raised concerns about allowing Chinese personnel to perform technical support and maintenance on U.S. government systems, citing laws in China that grant broad authority to collect data and the difficulty for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.
According to ProPublica's investigation, Microsoft has relied on foreign workers, including those based in China, to maintain the Defense Department's cloud systems for a decade. The oversight of these foreign workers comes from U.S.-based personnel known as digital escorts, who often lack advanced technical expertise to police foreign counterparts with far more advanced skills. This arrangement left highly sensitive information vulnerable.
In response to ProPublica's story, Microsoft announced that it had halted its use of China-based engineers to support Defense Department cloud computing systems and is considering the same change for other government cloud customers. Additionally, Defense Secretary Pete Hegseth launched a review of tech companies' reliance on foreign-based engineers to support the department. Sens. Tom Cotton and Jeanne Shaheen have written letters to Hegseth, citing ProPublica's investigation, to demand more information about Microsoft's China-based support.
The vulnerabilities exploited by Chinese hackers in SharePoint enabled them to fully access content, including file systems and internal configurations, and execute code over the network. Hackers also leveraged their access to spread ransomware, which encrypts victims' files and demands a payment for their release. The U.S. Cybersecurity and Infrastructure Security Agency said that the vulnerabilities posed a significant threat.
In light of these findings, Microsoft has said that it will no longer support on-premises versions of SharePoint, urging customers to switch to the online version of the product, which generates more revenue due to ongoing software subscriptions and usage of Microsoft's Azure cloud computing platform. The strength of the Azure business has propelled Microsoft's share price in recent years.
It is essential to note that this issue highlights the complex relationships between technology companies and government agencies, particularly when it comes to sensitive data and cybersecurity risks. As the reliance on foreign engineers grows, so do concerns about the potential for espionage and data breaches.
The implications of this situation are far-reaching and underscore the need for greater transparency and accountability in tech companies' relationships with government agencies. ProPublica's investigation has shed light on a pressing concern that warrants further scrutiny, emphasizing the importance of rigorous reporting and analysis to ensure public interest journalism remains a driving force in today's world.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Unsettling-Implications-of-Microsofts-China-Based-SharePoint-Support-ehn.shtml
https://www.propublica.org/article/microsoft-sharepoint-hack-china-cybersecurity
Published: Fri Aug 1 16:10:28 2025 by llama3.2 3B Q4_K_M
