CYBERSECURITY A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers

By Renee Dudley, with research by Doris Burke

Published 15 July 2025

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems —with minimal supervision by U.S. personnel. Digital escorts often lack the technical expertise to police foreign engineers with far more advanced skills, leaving highly sensitive data vulnerable to hacking. Microsoft has been warned that the arrangement is inherently risky, but the company launched and expanded it anyway.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

But these workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.

“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.

The system has been in place for nearly a decade, though its existence is being reported publicly here for the first time.

Microsoft told ProPublica that it has disclosed details about the escort model to the federal government. But former government officials said in interviews that they had never heard of digital escorts. The program appears to be so low-profile that even the Defense Department’s IT agency had difficulty finding someone familiar with it. “Literally no one seems to know anything about this, so I don’t know where to go from here,” said Deven King, spokesperson for the Defense Information Systems Agency.

National security and cybersecurity experts contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

The Office of the Director of National Intelligence has called China the “most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.” One of the most prominent examples of that threat came in 2023, when Chinese hackers infiltrated the cloud-based mailboxes of senior U.S. government officials, stealing data and emails from the commerce secretary, the U.S. ambassador to China and others working on national security matters. The intruders downloaded about 60,000 emails from the State Department alone.