Microsoft restricts access to its cyber early warning systems for some Chinese firms
Chinese firms won’t be sent a proof of concept by Microsoft anymore

- Microsoft will no longer send proof of concept code to Chinese firms
- The alerts are part of the MAPP vulnerability alert system
- Many believe the Chinese government was involved in the recent SharePoint attack
Access to Microsoft’s early warning system for cybersecurity vulnerabilities will be reduced for some companies following a campaign of attacks which leveraged vulnerabilities in the company's SharePoint platform to target as many as 400 organizations.
Microsoft has restricted access for Chinese firms after suspicions that Beijing was involved in the attacks, with many believing there was a leak in Microsoft’s Active Protections Program (MAPP) - the system Microsoft uses to alert security firms to threats to help them pre-empt hacks and proactively defend against attackers.
These vulnerabilities have now been patched, but have previously been observed in the wild being used to deploy ransomware. The flaw allowed attackers to extract cryptographic keys from Microsoft client servers, in turn allowing them to install programmes onto the server, including backdoors or malware.
In the wrong hands
Experts believe the most likely explanation for the explosion of SharePoint attacks is a rogue member of MAPP - and as such, Microsoft will no longer send ‘proof of concept code’ to Chinese firms.
Proof of concept code is a demonstration that helps security teams prepare for an attack by adapting their systems.
On the other hand, if threat actors are alerted to the defender's plans, they get a head start and can evolve their tactics.
TechRadar Pro has reached out to Microsoft to ask about any updates on its investigation, but the firm has so far not offered a comment.
Microsoft identified the possibility of attackers exploiting the alert system, “which is why we take steps – both known and confidential – to prevent misuse.”
“We continuously review participants and suspend or remove them if we find they violated their contract with us which includes a prohibition on participating in offensive attacks,” the company confirmed.
Via Reuters

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.