In an investigation, it has been revealed that Microsoft utilized engineers based in China to provide technical support and bug fixes for SharePoint. This collaboration software was recently exploited by Chinese state-sponsored hackers in a significant cyberattack affecting numerous organizations, including sensitive U.S. government agencies.

Technical Specifications and Security Measures

Microsoft announced that vulnerabilities in SharePoint were exploited by Chinese hackers to breach computer systems, impacting companies and government agencies such as the National Nuclear Security Administration and the Department of Homeland Security. The support for SharePoint has been managed by a China-based engineering team for several years. Internal work-tracking system screenshots indicate that China-based employees were recently fixing bugs for SharePoint OnPrem, the on-premises version of the software targeted in the attacks. This version involves software installed on customers’ own systems, making it susceptible to direct manipulation.

Microsoft has stated that the China-based team is supervised by a U.S.-based engineer and subject to all security requirements and manager code reviews. The company also announced plans to relocate this work to another location, though no specific timeline has been provided. While it is unclear if Microsoft’s China-based staff were involved in the SharePoint hack, experts have highlighted security risks associated with Chinese personnel handling technical support for U.S. government systems.

Operational Impact and Strategic Adjustments

This situation is part of a broader pattern involving Microsoft’s reliance on foreign workers. An investigation found that Microsoft has used foreign workers, including those in China, to maintain the Defense Department’s cloud systems. Oversight is provided by U.S.-based personnel termed “digital escorts,” who may lack the technical expertise to effectively supervise their foreign counterparts. This arrangement was developed to satisfy Defense Department concerns about foreign employee involvement and to meet requirements for handling sensitive data.

In response to government inquiries and mounting pressure, Microsoft has announced it has ceased using China-based engineers for Defense Department cloud systems and is considering similar changes for other government cloud customers. The recent SharePoint attack began on July 7, 2025, with Microsoft issuing an initial patch on July 8, which was bypassed by hackers, necessitating a more robust patch.

Implications for Future Strategy

Government agencies have reported varying levels of impact from the breach, with the Department of Homeland Security and the Department of Energy indicating minimal impact with no sensitive data compromised. Moving forward, Microsoft will no longer support on-premises versions of SharePoint starting next July, encouraging customers to transition to the online version. This shift aligns with Microsoft’s strategy to promote subscription-based services and its Azure cloud computing platform, contributing to its valuation milestone of exceeding $4 trillion in market value.

This investigation underscores crucial questions about security protocols in software infrastructure and the risks of international staffing arrangements within the cybersecurity domain.