Microsoft probing whether cyber alert tipped off Chinese hackers
Microsoft is looking into whether a leak from its early alert system led to the widespread exploitation of vulnerabilities in the SharePoint software.
Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, according to people familiar with the matter.
The technology company is looking into whether the programme – designed to give cybersecurity experts a chance to fix computer systems before the revelation of new security concerns – led to the widespread
exploitation of vulnerabilities in its SharePoint software globally over the past several days, the people said, asking not to be identified discussing private matters.
'As part of our standard process, we'll review this incident, find areas to improve, and apply those improvements broadly,' a Microsoft spokesperson said in a statement, adding that partner programmes are an important part of the company's security response.
The Chinese embassy in Washington referred to comments made by foreign affairs ministry spokesman Guo Jiakun to media earlier this week, opposing hacking activities.
'Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation,'' Mr Guo said.
'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.'
Microsoft has attributed SharePoint breaches
to state-sponsored hackers from China , and at least a dozen Chinese companies participate in the initiative, called the Microsoft Active Protections Program, or MAPP, according to Microsoft's website.
Members of the 17-year-old programme must prove they are cybersecurity vendors and that they don't produce hacking tools like penetration testing software.
After signing a non-disclosure agreement, they receive information about novel patches to vulnerabilities 24 hours before Microsoft releases them to the public.
A subset of more highly-vetted users receive notifications of an incoming patch five days earlier, according to Microsoft's MAPP website.
Mr Dustin Childs, head of threat awareness for the Zero Day Initiative at cybersecurity company Trend Micro, says Microsoft alerted members of the program about the vulnerabilities that led to the SharePoint attacks.
'These two bugs were included in the MAPP release,' says Mr Childs, whose company is a MAPP member. 'The possibility of a leak has certainly crossed our minds.'
He adds that such a leak would be a dire threat to the program, 'even though I still think MAPP has a lot of value'.
Victims of the attacks now total more than 400 government agencies and corporations worldwide, including the US's National Nuclear Security Administration, the division responsible for designing and maintaining the country's nuclear weapons.
For at least some of the attacks, Microsoft has blamed Linen Typhoon and Violet Typhoon, groups sponsored by the Chinese government, as well as another China-based group it calls Storm-2603.
In response to the allegations, the Chinese Embassy has said it opposes all forms of cyberattacks, while also objecting to 'smearing others without solid evidence'.
Mr Dinh Ho Anh Khoa, a researcher who works for the Vietnamese cybersecurity firm Viettel, revealed that SharePoint had unknown vulnerabilities in May at Pwn2Own, a conference in Berlin run by Mr Childs' organisation where hackers sit on stage and search for critical security vulnerabilities in front of a live audience.
After the public demonstration and celebration, Mr Khoa headed to a private room with Childs and a Microsoft representative, Mr Childs said.
Mr Khoa explained the exploit in detail and handed over a full white paper.
Microsoft validated the research and immediately began working on a fix. Mr Khoa won US$100,000 (S$128,160) for the work.
It took Microsoft about 60 days to come up with a fix. On July 7, the day before it released a patch publicly, hackers attacked SharePoint servers, cybersecurity researchers said.
It is possible that hackers found the bugs independently and began exploiting them on the same day that Microsoft shared them with MAPP members, says Mr Childs. But he adds that this would be an incredible coincidence. The other obvious possibility is that someone shared the information with the attackers.
The leak of news of a pending patch would be a substantial security failure, but 'it has happened before,' says Mr Jim Walter, senior threat researcher the cyber firm SentinelOne.
MAPP has been the source of alleged leaks as far back as 2012, when Microsoft accused the Hangzhou DPtech Technologies, a Chinese network security company, of disclosing information that exposed a major vulnerability in Windows. Hangzhou DPtech was removed from the MAPP group.
At the time, a Microsoft representative said in a statement that it had also 'strengthened existing controls and took actions to better protect our information'.
In 2021, Microsoft suspected at least two other Chinese MAPP partners of leaking information about vulnerabilities in its Exchange servers, leading to
a global hacking campaign that Microsoft blamed on a Chinese espionage group called Hafnium.
It was one of the company's worst breaches ever – tens of thousands of exchange servers were hacked, including at the European Banking Authority and the Norwegian Parliament.
Following the 2021 incident, the company considered revising the MAPP program, Bloomberg previously reported. But it did not disclose whether any changes were ultimately made or whether any leaks were discovered.
A 2021 Chinese law mandates that any company or security researcher who identifies a security vulnerability must report it within 48 hours to the government's Ministry of Industry and Information Technology, according to an Atlantic Council report.
Some of the Chinese companies that remain involved in MAPP, such as Beijing CyberKunlun Technology, are also members of a Chinese government vulnerabilities programme, the China National Vulnerability Database, which is operated by the country's Ministry of State Security, according to Chinese government websites.
Mr Eugenio Benincasa, a researcher at ETH Zurich's Center for Security Studies, says there is a lack of transparency about how Chinese companies balance their commitments to safeguard vulnerabilities shared by Microsoft with requirements that they share information with the Chinese government.
'We know that some of these companies collaborate with state security agencies and that the vulnerability management system is highly centralised,' says Mr Benincasa.
'This is definitely an area that warrants closer scrutiny.' BLOOMBERG
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Straits Times
20 minutes ago
- Straits Times
West Ham sign former Newcastle striker Wilson on one-year deal
Sign up now: Get ST's newsletters delivered to your inbox FILE PHOTO: Soccer Football - Premier League - Newcastle United v Everton - St James' Park, Newcastle, Britain - May 25, 2025 Newcastle United's Callum Wilson salutes their fans after the match Action Images via Reuters/Lee Smith/File Photo LONDON - West Ham United have recruited ex-Newcastle United and Bournemouth striker Callum Wilson as a free agent on a one-year contract, the east London club announced on Saturday. The 33-year-old Wilson has had 111 direct goal involvements in 239 Premier League appearances, including 49 in 130 games for Newcastle, where he failed to agree a new contract. He has played nine times for England, scoring twice. "I'm excited to be joining a massive football club like West Ham. A club that shares a similar passion to mine, hard work, dedication and also I strive for success so I'm glad to be a part of it," Wilson said. Wilson moved to Newcastle in September 2022 and had his best Premier League tally of 18 goals in 2022-23, a season that also saw him feature for England at the World Cup in Qatar. He played in just 18 league games last term due to injuries. "He is a proven, experienced Premier League striker, with a great work ethic and a fantastic goalscoring record," West Ham coach Graham Potter said. Top stories Swipe. Select. Stay informed. Singapore $3b money laundering case: MinLaw names 6 law firms taken to task over involvement in property deals Singapore Police reopen access to all areas in Marina Bay after crowd congestion eases at NDP Preview area Singapore Opening of Woodlands Health has eased load on KTPH, sets standard for future hospitals: Ong Ye Kung Asia KTM plans new passenger rail service in Johor Bahru to manage higher footfall expected from RTS Singapore HSA investigating teen allegedly vaping on MRT train Asia 4 workers dead after falling into manhole in Japan Singapore New vehicular bridge connecting Punggol Central and Seletar Link to open on Aug 3 Singapore New S'pore jobs portal launched for North West District residents looking for work near home "He also has excellent character and personality, which is such an important factor, and something that we place a big emphasis on with our player recruitment." REUTERS
Straits Times
3 hours ago
- Straits Times
India to maintain Russian oil imports despite Trump threats, government sources say
Sign up now: Get ST's newsletters delivered to your inbox US President Donald Trump has threatened 100 per cent tariffs on US imports from countries that buy Russian oil unless Moscow reaches a peace deal with Ukraine. NEW DELHI - India will keep purchasing oil from Russia despite US President Donald Trump's threats of penalties, two Indian government sources told Reuters on Aug 2, not wishing to be identified due to the sensitivity of the matter. On top of a new 25 per cent tariff on India's exports to the US, Mr Trump indicated in a Truth Social post in July that India would face additional penalties for purchases of Russian arms and oil. On Aug 1, Mr Trump told reporters he had heard that India would no longer be buying oil from Russia. But the sources said there would be no immediate changes. 'These are long-term oil contracts,' one of the sources said. 'It is not so simple to just stop buying overnight.' Justifying India's oil purchases from Russia, a second source said India's imports of Russian grades had helped avoid a global surge in oil prices, which have remained subdued despite Western curbs on the Russian oil sector. Unlike Iranian and Venezuelan oil, Russian crude is not subject to direct sanctions, and India is buying it below the current price cap fixed by the European Union, the source said. Top stories Swipe. Select. Stay informed. Singapore $3b money laundering case: MinLaw names 6 law firms taken to task over involvement in property deals Singapore Police reopen access to all areas in Marina Bay after crowd congestion eases at NDP Preview area Singapore Opening of Woodlands Health has eased load on KTPH, sets standard for future hospitals: Ong Ye Kung Asia KTM plans new passenger rail service in Johor Bahru to manage higher footfall expected from RTS Singapore HSA investigating teen allegedly vaping on MRT train Asia 4 workers dead after falling into manhole in Japan Singapore New vehicular bridge connecting Punggol Central and Seletar Link to open on Aug 3 Singapore New S'pore jobs portal launched for North West District residents looking for work near home The New York Times also quoted two unnamed senior Indian officials on Aug 2 as saying there had been no change in Indian government policy. Indian government authorities did not respond to Reuters' request for official comment on its oil purchasing intentions. However, during a regular press briefing on Aug 1, foreign ministry spokesperson Randhir Jaiswal said India has a 'steady and time-tested partnership' with Russia. 'On our energy sourcing requirements... we look at what is there available in the markets, what is there on offer, and also what is the prevailing global situation or circumstances,' he said. The White House did not immediately respond to requests for comment. India's top supplier Mr Trump, who has made ending Russia's war in Ukraine a priority of his administration since returning to office this year, has expressed growing impatience with Russian President Vladimir Putin in recent weeks. He has threatened 100 per cent tariffs on US imports from countries that buy Russian oil unless Moscow reaches a peace deal with Ukraine. Russia is the leading supplier to India, the world's third-largest oil importer and consumer, accounting for about 35 per cent of its overall supplies. India imported about 1.75 million barrels per day of Russian oil from January to June this year, up 1 per cent from a year ago, according to data provided to Reuters by sources. But while the Indian government may not be deterred by Mr Trump's threats, sources told Reuters this week that Indian state refiners stopped buying Russian oil after July discounts narrowed to their lowest since 2022 - when sanctions were first imposed on Moscow - due to lower Russian exports and steady demand. Indian Oil, Hindustan Petroleum, Bharat Petroleum and Mangalore Refinery Petrochemical have not sought Russian crude in the past week or so, four sources told Reuters. Nayara Energy - a refinery majority-owned by Russian entities, including oil major Rosneft, and major buyer of Russian oil - was recently sanctioned by the EU. Nayara's chief executive resigned following the sanctions, and three vessels laden with oil products from Nayara Energy have yet to discharge their cargoes, hindered by the new EU sanctions, Reuters reported last week. REUTERS
Straits Times
4 hours ago
- Straits Times
China claim 1-2 in the women's 3m springboard for ninth diving gold at World Aquatics C'ships
Sign up now: Get ST's newsletters delivered to your inbox Chinese diver Chen Yiwen claims gold in the women's 3m springboard diving event at the World Aquatics Championships in Singapore on August 2. SINGAPORE – Despite a slow start, Olympic champion Chen Yiwen showed her prowess in the women's 3m springboard dive at the World Aquatics Championships (WCH) on Aug 2 when she came from behind to reclaim her title. Competing at the OCBC Aquatic Centre, Chen – who won the gold in the 2023 edition in Fukuoka, Japan – had entered the finals as the top qualifier, but the Chinese diver trailed for two rounds behind leader and compatriot Chen Jia. A strong third-round performance saw her leapfrog into the lead, which she never relinquished. The 26-year-old eventually finished top after five rounds in 389.70 points, ahead of Chen Jia's 356.40. Italy's Chiara Pellacani was third in 323.20. Yiwen's triumph in Singapore was her ninth world title overall, as well as the ninth diving gold for China at the 2025 championships. When asked if she had a slow start, she said: 'Not really, I think it was my first move, which has always had technical issues.' The Chinese diver had earlier claimed gold in the mixed 3m and 10m team event on July 26, before partnering with Chen Jia to win the women's 3m synchronised event on July 29. Top stories Swipe. Select. Stay informed. Singapore $3b money laundering case: MinLaw names 6 law firms taken to task over involvement in property deals Singapore Police reopen access to all areas in Marina Bay after crowd congestion eases at NDP Preview area Singapore Opening of Woodlands Health has eased load on KTPH, sets standard for future hospitals: Ong Ye Kung Asia KTM plans new passenger rail service in Johor Bahru to manage higher footfall expected from RTS Singapore HSA investigating teen allegedly vaping on MRT train Asia 4 workers dead after falling into manhole in Japan Singapore New vehicular bridge connecting Punggol Central and Seletar Link to open on Aug 3 Singapore New S'pore jobs portal launched for North West District residents looking for work near home On being world champion again, she added: 'It gives me a bit more confidence for the future. Actually, I was quite worried during the last jump because there were (loud) noises outside… I was worried it might have an impact.' World championships debutante Chen Jia, 20, said: 'Actually, in the first round, I was quite confident, but in the second and third round, there were some technical issues. 'It may look easy. But when you stand on the board, with that atmosphere and that responsibility, it's an invisible pressure. Also with so many years of stable performances (from China) in the women's events, we definitely need to keep moving forward. 'I think for this competition, I'm not too satisfied… But for a first world championship trip, I'm quite satisfied.' Pellacani, who won the mixed 3m synchronised dive with partner Matteo Santoro on July 30, said: 'It was my goal to get a medal in this event after (finishing in) fourth place at the Olympic Games in Paris. And we worked really hard for this. So I'm very, very happy. 'I always start low on the first round, but the most important thing is to keep it very consistent, and that's what I did during the preliminary round, semi-final and final. I know there are still some things that I have to improve in my diving, for example, my entry can be better.' The men's 10m platform semi-final and final will be contested on the final day of the championships on Aug 3.
