Microsoft, China and flaw
Microsoft has relied on engineers based in China for years to help maintain some of the U.S. Department of Defense’s
A report from ProPublica has claimed Microsoft is using these engineers to maintain the Department of Defense’s computer systems, with ‘minimal supervision by US personnel’.
Microsoft recently released urgent security flaw patches to address a zero-day vulnerability that affected SharePoint servers, which have been abused in attacks since July 18, with victims reportedly including a private energy operator in California as well as a private fintech firm in New York.
Following a ProPublica report that Microsoft was using engineers in China to help maintain cloud computing systems for the U.S. Department of Defense, the company said it’s made changes to ensure this will no longer happen.
The move comes after a ProPublica report highlighted a Microsoft program that allows foreign engineers to indirectly interact with U.S. military systems through American “escort” intermediaries.
Microsoft’s support model — in which China-based engineers relay commands to US-based personnel with national security clearances for input — prompts a Pentagon audit into foreign visibility inside US defense cloud systems.
Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant.
National security experts expressed alarm over Microsoft's practices allowing China-based engineers access to Pentagon cloud systems after a ProPublica investigation.
Chinese workers are accompanied by US citizens functioning as 'digital escorts,' but the practice functions 'with little review,' according to a ProPublica investigation.