Microsoft shrinks Chinese access to cyber early warning system

Follows SharePoint hacking campaign.

Microsoft has scaled back some Chinese companies' access to its early warning system for cyber security vulnerabilities following speculation that Beijing was involved in a hacking campaign against the company's widely used SharePoint servers.

The vendor announced that several Chinese firms would no longer receive "proof-of-concept code," which mimics the operation of genuine malicious software.

Proof-of-concept code can help cyber security professionals seeking to harden their systems in a hurry, but it can also be repurposed by hackers to get a jump start on the defenders.

The new restrictions come in the wake of last month's sweeping hacking attempts against Microsoft SharePoint servers, at least some of which Microsoft and others have blamed on Beijing.

That raised suspicions among several cybersecurity experts that there was a leak in the Microsoft Active Protections Program (MAPP), which Microsoft uses to help security vendors worldwide, including in China, to learn about cyber threats before the general public so they can better defend against hackers.     

Beijing has denied involvement in any SharePoint hacking. 

Microsoft notified members of the MAPP program of the SharePoint vulnerabilities on June 24, July 3 and July 7.

Microsoft said it first observed exploitation attempts on July 7.

As such, the timing led some experts to allege that the likeliest explanation for the sudden explosion in hacking attempts was a rogue member of the MAPP program misusing the information.

The vendor added that it was aware that the information it provided its partners could be exploited, "which is why we take steps – both known and confidential – to prevent misuse."

"We continuously review participants and suspend or remove them if we find they violated their contract with us, which includes a prohibition on participating in offensive attacks." 

Microsoft declined to disclose the status of its investigation into the hacking or reveal specifics about which companies had been restricted.
