Did Chinese Workers Help Hackers Break Into Microsoft’s Systems?
Microsoft faced a huge problem in July 2025. Chinese hackers got into hundreds of companies and government offices. They used flaws in SharePoint software to steal data and cause damage. But here’s the shocking part that Microsoft didn’t tell anyone at first.
Chinese engineers had been fixing and maintaining SharePoint for years. These same workers were handling the exact software that got hacked. This created a risky situation that no one was talking about.
The Timeline That Shows Everything
Here’s what happened step by step:
- May 2025: Security experts found weak spots in SharePoint at a hacker contest in Berlin
- July 8, 2025: Microsoft released fixes for these problems
- July 17-18, 2025: Hackers started attacking SharePoint systems worldwide
- July 19, 2025: Microsoft admitted new attacks were happening using different methods
- July 21, 2025: Emergency patches were released to stop the attacks
The hackers were smart. They found ways around Microsoft’s first fixes by changing just one character in their attack code. This meant the patches didn’t work properly.
Chinese Workers Had Deep Access to Critical Systems
ProPublica found proof that Chinese staff were working on SharePoint “OnPrem” software. This is the exact version that got attacked. Screenshots from Microsoft’s internal systems showed these workers fixing bugs recently.
Microsoft said these workers were watched by American engineers. But experts warn this setup creates big risks. Chinese laws give government officials wide power to collect information. Workers there find it hard to say no to security forces.
The Office of the Director of National Intelligence calls China the “biggest cyber threat” to American government and business networks. This makes having Chinese workers maintain critical software even more dangerous.
Microsoft’s Pattern of Poor Security Choices
This SharePoint problem isn’t new for Microsoft. The company has made several bad security decisions:
- Storm-0558 hack: Earlier attacks showed Microsoft’s weak security practices
- Defense Department cloud: Chinese workers maintained military computer systems for over 10 years
- Multiple government systems: Chinese staff worked on Justice, Treasury, and Commerce department systems
After ProPublica reported these problems, Microsoft said it would stop using Chinese engineers for Defense Department work. But the company kept using them for other government customers until the SharePoint attacks happened.
The Real Cost of Cutting Corners
Microsoft’s approach shows a company more focused on saving money than protecting customers. Using foreign workers costs less than hiring American staff. But the risks are enormous when these workers handle systems used by:
- National Nuclear Security Administration
- Department of Homeland Security
- Hundreds of private companies
The hackers got complete access to SharePoint systems. They could read files, change settings, and run harmful programs. Some even spread ransomware that locked up victims’ computers.
Why This Matters for Everyone
SharePoint connects to many other Microsoft programs like Office, Teams, and OneDrive. When hackers break into SharePoint, they can reach much more than just one system. This makes the damage spread quickly through entire organizations.
Microsoft plans to end support for on-premises SharePoint next July. The company wants customers to move to online versions that cost more money. This timing raises questions about whether Microsoft really cares about security or just profits.
Microsoft put money before safety. Chinese workers maintained critical American systems while their government was actively trying to hack those same systems. This created the perfect storm for a major security disaster.
Companies and government agencies need to ask hard questions about who maintains their most important software. Trust should be earned, not assumed – especially when national security is at stake.