Microsoft used staff in China to help babysit US govt cloud services, report says
(2025/07/28)
- Reference: 1753725759
- News link: https://www.theregister.co.uk/2025/07/28/microsoft_china_staffers_us_govt_cloud/
- Source link:
Microsoft has been left with egg on its face after an independent investigation revealed a concerning pattern of using workers based in China to maintain and support US government customers on its Azure cloud.
The [1]initial report , published by nonprofit investigative journalism outfit ProPublica on July 15, exposed Redmond's practice of using China-based engineers to staff contracts for the US Department of Defense, potentially exposing sensitive government data to hacking and espionage.
In response to the report, US Secretary of Defense Pete Hegseth said he would launch an investigation into the practice, [2]writing on X , "Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems."
[3]
Shortly after, Microsoft said it would take swift action to adjust its practices. Frank X. Shaw, the company's chief communications officer, wrote in a [4]post to X , "Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services."
[5]
[6]
However, a [7]follow-up report published on Friday emphasized that Microsoft's habit of using overseas engineering staff for government customers has been pervasive, extending to contracts not just for the DoD but also the Department of Justice, the Department of the Treasury, the Environmental Protection Agency, the Department of Education, and the Department of Commerce.
As of this writing, Microsoft has not responded to The Register 's request for comment on whether it plans to adjust its practices across all of its government contracts, beyond just the DoD. However, it told ProPublica it was taking "steps" to ensure the security of government cloud customers' data, without offering further details.
[8]
The US departments in question are all customers of what Microsoft calls its Government Community Cloud. While this packaging of Azure isn't intended for classified data, any information stored in it related to government operations could nonetheless be considered sensitive.
The concern is that granting Chinese nationals this level of access to US government systems could leave data and applications wide open to all manner of threats. Malicious hacking, including ransomware and other cyberattacks, is one obvious worry. More troubling is the potential for the Chinese government to enlist its citizens for state espionage purposes.
Microsoft has claimed that, by policy, foreign workers with access to government systems are supervised by US citizens with government security clearances. However, according to the report, these overseers, dubbed "digital escorts," often lack technical expertise and are ill-equipped to understand what engineers are actually doing.
[9]
Other cloud providers, including AWS, Google, and Oracle, told ProPublica that they do not employ a similar management structure and do not use foreign workers to maintain government accounts.
The kerfuffle over Redmond's use of foreign labor comes hot on the heels of news that the company plans to shed another [10]9,000 workers , bringing the year's layoffs to more than 15,000 worldwide. Naturally, Microsoft claims it's all about AI.
[11]Microsoft invites Chinese software vendors to sell on its marketplace and through its partners
[12]Blame a leak for Microsoft SharePoint attacks, researcher insists
[13]Microsoft admits it 'cannot guarantee' data sovereignty
[14]Microsoft brings 365 suite on-prem as part of sovereign cloud push
In a July 24 memo to employees, CEO Satya Nadella [15]said the job cuts have been "weighing heavily" on him, but added, "Teams are reorganizing. Scopes are expanding. New opportunities are everywhere. It reminds me of the early '90s, when PCs and productivity software became standard in every home and every desk! That's exactly where we are now with AI."
Despite Nadella's chirpy pronouncement, it seems more likely that Microsoft's recent bloodletting — and its reliance on cheap overseas labor — are all part of a concerted effort to cut staffing costs so it can divert funds to building out its AI capacity.
Evidence of this is that Microsoft has steadily increased its capital expenditures over recent quarters, which suggests the software giant is investing heavily in non-software activities, such as building and expanding datacenters. Analysts expect this trend to continue when Redmond announces its next quarterly earnings on July 30. ®
Get our [16]Tech Resources
[1] https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers
[2] https://x.com/PeteHegseth/status/1946226166282527037?s=19
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://x.com/fxshaw/status/1946299139068965008/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.propublica.org/article/microsoft-tech-support-government-cybersecurity-china-doj-treasury
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2025/07/02/microsoft_layoffs/
[11] https://www.theregister.com/2025/01/09/microsoft_invites_chinese_isvs_to_marketplaces/
[12] https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/
[13] https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/
[14] https://www.theregister.com/2025/06/17/microsoft_365_on_prem_azure_local/
[15] https://www.theregister.com/2025/07/25/microsoft_ceo_job_cuts/
[16] https://whitepapers.theregister.com/
The [1]initial report , published by nonprofit investigative journalism outfit ProPublica on July 15, exposed Redmond's practice of using China-based engineers to staff contracts for the US Department of Defense, potentially exposing sensitive government data to hacking and espionage.
In response to the report, US Secretary of Defense Pete Hegseth said he would launch an investigation into the practice, [2]writing on X , "Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems."
[3]
Shortly after, Microsoft said it would take swift action to adjust its practices. Frank X. Shaw, the company's chief communications officer, wrote in a [4]post to X , "Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services."
[5]
[6]
However, a [7]follow-up report published on Friday emphasized that Microsoft's habit of using overseas engineering staff for government customers has been pervasive, extending to contracts not just for the DoD but also the Department of Justice, the Department of the Treasury, the Environmental Protection Agency, the Department of Education, and the Department of Commerce.
As of this writing, Microsoft has not responded to The Register 's request for comment on whether it plans to adjust its practices across all of its government contracts, beyond just the DoD. However, it told ProPublica it was taking "steps" to ensure the security of government cloud customers' data, without offering further details.
[8]
The US departments in question are all customers of what Microsoft calls its Government Community Cloud. While this packaging of Azure isn't intended for classified data, any information stored in it related to government operations could nonetheless be considered sensitive.
The concern is that granting Chinese nationals this level of access to US government systems could leave data and applications wide open to all manner of threats. Malicious hacking, including ransomware and other cyberattacks, is one obvious worry. More troubling is the potential for the Chinese government to enlist its citizens for state espionage purposes.
Microsoft has claimed that, by policy, foreign workers with access to government systems are supervised by US citizens with government security clearances. However, according to the report, these overseers, dubbed "digital escorts," often lack technical expertise and are ill-equipped to understand what engineers are actually doing.
[9]
Other cloud providers, including AWS, Google, and Oracle, told ProPublica that they do not employ a similar management structure and do not use foreign workers to maintain government accounts.
The kerfuffle over Redmond's use of foreign labor comes hot on the heels of news that the company plans to shed another [10]9,000 workers , bringing the year's layoffs to more than 15,000 worldwide. Naturally, Microsoft claims it's all about AI.
[11]Microsoft invites Chinese software vendors to sell on its marketplace and through its partners
[12]Blame a leak for Microsoft SharePoint attacks, researcher insists
[13]Microsoft admits it 'cannot guarantee' data sovereignty
[14]Microsoft brings 365 suite on-prem as part of sovereign cloud push
In a July 24 memo to employees, CEO Satya Nadella [15]said the job cuts have been "weighing heavily" on him, but added, "Teams are reorganizing. Scopes are expanding. New opportunities are everywhere. It reminds me of the early '90s, when PCs and productivity software became standard in every home and every desk! That's exactly where we are now with AI."
Despite Nadella's chirpy pronouncement, it seems more likely that Microsoft's recent bloodletting — and its reliance on cheap overseas labor — are all part of a concerted effort to cut staffing costs so it can divert funds to building out its AI capacity.
Evidence of this is that Microsoft has steadily increased its capital expenditures over recent quarters, which suggests the software giant is investing heavily in non-software activities, such as building and expanding datacenters. Analysts expect this trend to continue when Redmond announces its next quarterly earnings on July 30. ®
Get our [16]Tech Resources
[1] https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers
[2] https://x.com/PeteHegseth/status/1946226166282527037?s=19
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://x.com/fxshaw/status/1946299139068965008/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.propublica.org/article/microsoft-tech-support-government-cybersecurity-china-doj-treasury
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIfy-NJAbqbT_UXxyh6v_AAAAI8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2025/07/02/microsoft_layoffs/
[11] https://www.theregister.com/2025/01/09/microsoft_invites_chinese_isvs_to_marketplaces/
[12] https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/
[13] https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/
[14] https://www.theregister.com/2025/06/17/microsoft_365_on_prem_azure_local/
[15] https://www.theregister.com/2025/07/25/microsoft_ceo_job_cuts/
[16] https://whitepapers.theregister.com/
It looks MS can't even protect US sovereignity on its data...
kmorwath
... not only that of EU ones.
And I'm sure in the Celestial Empire, "cloud acts" are even stronger....
How long could Nadella protect himself - even if he made shareholders riched and richer?
druck
What more does Microsoft have to do to prove they are unfit for any purpose either on prem or in the cloud?
NoneSuch
> What more does Microsoft have to do to prove they are unfit for any purpose either on prem or in the cloud?
They've had nothing to prove to me since Windows 2000.
Paul Crawford
In the past, and in some locations even the present, if you wanted to handle any sensitive data you had to get all staff with access listed and vetted. So WTF were the DoD doing giving the data to MS without having exactly that sort of system, with working checks, in place for all staff that were involved?
may_i
You hit the nail on the head! Any classified system must have access only for vetted and named people. If that isn't a stipulation of any contract the military made with Microsoft, I would be very surprised.
Wilfully breaking the conditions of a contract with the military doesn't normally go away with a glib "we have changed our procedures" excuse...
Wang Cores
Money.
Ahh Bless
IGotOut
"the job cuts have been "weighing heavily" on him"
Then he thought of his next dividend payout and slept soundly..
Busy
This is because the Russians are busy babysitting FBI and CIA.