Microsoft Scales Back Chinese Access to Cyber Early Warning System

In a move aimed at mitigating potential security risks, Microsoft has scaled back some Chinese companies' access to its early warning system for cybersecurity vulnerabilities. The decision comes in the wake of speculation that Beijing was involved in a hacking campaign against the company's widely used SharePoint servers.

The Hacking Campaign

Last month, Microsoft experienced a series of sweeping hacking attempts against its SharePoint servers, at least some of which were blamed on Beijing. The sudden explosion in hacking attempts led some cybersecurity experts to suspect that there was a leak in the Microsoft Active Protections Program (MAPP), which provides security vendors worldwide, including in China, with early warnings about cyber threats.

Microsoft first notified members of the MAPP program of the SharePoint vulnerabilities on June 24, July 3, and July 7. However, it was on July 7 that Microsoft first observed exploitation attempts on its servers. This timing led some experts to suggest that a rogue member of the MAPP program might have misused the information, triggering the hacking campaign.

The Restrictions

Microsoft has since restricted several Chinese firms from receiving "proof of concept code," which mimics the operation of genuine malicious software. Proof of concept code can be useful for cybersecurity professionals seeking to harden their systems quickly, but it also poses a risk if misused by hackers.

In response to this risk, Microsoft stated that it takes steps to prevent misuse, including reviewing participants and suspending or removing them from the program if they violate their contract. The company's decision was made with the potential for its information to be exploited in mind, and it is working to prevent such misuse.

The Investigation

Microsoft has declined to disclose the status of its investigation into the hacking campaign or provide specifics about which companies have been restricted from receiving proof of concept code. However, the company's actions suggest that it is taking proactive steps to address potential security risks and protect its users.

The incident highlights the complexities of international cybersecurity cooperation and the need for vigilance in preventing cyber threats. As Microsoft continues to monitor the situation, it remains to be seen how this incident will impact global cybersecurity efforts.