Microsoft probing if Chinese hackers learned SharePoint flaws through alert: Reports
In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed 'Linen Typhoon' and 'Violet Typhoon,' were exploiting the weaknesses, along with a third, also based in China.
The tech giant is probing if a leak from the Microsoft Active Protections Program (MAPP) led to the widespread exploitation of vulnerabilities in its SharePoint software globally over the past several days, the report said.
Microsoft said in a statement provided to Reuters that the company continually evaluates 'the efficacy and security of all of our partner programs and makes the necessary improvements as needed.'
A researcher with Vietnamese cybersecurity firm Viettel demonstrated the SharePoint vulnerability in May at the Pwn2Own cybersecurity conference in Berlin. The conference, put on by cybersecurity company Trend Micro's Zero Day Initiative, rewards researchers in the pursuit of ethically disclosing software vulnerabilities. The researcher, Dinh Ho Anh Khoa, was awarded $100,000 and Microsoft issued an initial patch for the vulnerability in July, but members of the MAPP program were notified of the vulnerabilities on June 24, July 3 and July 7, Dustin Childs, head of threat awareness for the Zero Day Initiative at Trend Micro, told Reuters Friday.
Microsoft first observed exploit attempts on July 7, the company said in the Tuesday blog post.
Childs told Reuters that 'the likeliest scenario is that someone in the MAPP program used that information to create the exploits.'
It's not clear which vendor was responsible, Childs said, 'but since many of the exploit attempts come from China, it seems reasonable to speculate it was a company in that region.'
It would not be the first time that a leak from the MAPP program led to a security breach. More than a decade ago, Microsoft accused a Chinese firm, Hangzhou DPTech Technologies Co., Ltd., of breaching its non-disclosure agreement and expelled it from the program.
'We recognize that there is the potential for vulnerability information to be misused,' Microsoft said in a 2012 blog post, around the time that information first leaked from the program. 'In order to limit this as much as possible, we have strong non-disclosure agreements (NDA) with our partners. Microsoft takes breaches of its NDAs very seriously.'
Any confirmed leak from MAPP would be a blow to the program, which is meant to give cyber defenders the upper hand against hackers who race to parse Microsoft updates for clues on how to develop malicious software that can be used against still-vulnerable users.
Launched in 2008, MAPP was meant to give trusted security vendors a head start against the hackers, for example, by supplying them with detailed technical information and, in some cases, 'proof of concept' software that mimics the operation of genuine malware.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
33 minutes ago
- Time of India
RBI purchases half a tonne of gold in June
MUMBAI: The Reserve Bank of India ( RBI ) bought nearly half a tonne of gold in the last week of June after a relatively conservative spell of bullion shopping in the current fiscal year. The RBI's outstanding stock of gold amounted to 879.8 tonnes as of June 27, up from 879.6 tonnes in the previous week. This translates into fresh purchases of 4 quintals by the central bank during the week. Explore courses from Top Institutes in Please select course: Select a Course Category MCA Cybersecurity healthcare Degree Operations Management CXO Project Management Others Data Science Public Policy Technology Design Thinking others Data Science Data Analytics PGDM Management Healthcare Product Management Artificial Intelligence Finance Leadership MBA Digital Marketing Skills you'll gain: Programming Proficiency Data Handling & Analysis Cybersecurity Awareness & Skills Artificial Intelligence & Machine Learning Duration: 24 Months Vellore Institute of Technology VIT Master of Computer Applications Starts on Aug 14, 2024 Get Details Gold has emerged as the fastest growing component of India's foreign exchange reserves in recent years, with the value of the yellow metal climbing more than 80% in the past 5 years. Its share in India's foreign exchange reserves climbed to 12.1% as of July 18, 2025, from 8.9% as of July 19, 2024. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Join new Free to Play WWII MMO War Thunder War Thunder Play Now Undo As a natural hedge against inflation, gold has found significant institutional backing lately. World Gold Council (WGC) data showed gold purchases by central banks topped 1,000 tonnes over each of the past three years, significantly higher than usual purchases. "While safety and liquidity constitute the twin objectives of reserve management in India, return optimisation is kept in view within this framework," notes the central bank's latest report of foreign exchange reserves. Live Events Although returns on gold were among the highest in India, the central bank seldom sells its gold holdings . Significantly, the last time RBI had bought gold was in the last week of March, central bank data showed. From an investment perspective with returns at 26% in the first half of this calendar year, gold has earned among the highest returns for India, showed WGC estimates. Only returns in Turkey, in excesses of 40%, were higher than in India. Gold returns in India also exceeded those in advanced market currencies such as the pound, yen and euro or even the Chinese renminbi, even though China is one of the largest consumers of gold.
Mint
34 minutes ago
- Mint
Nayara Energy sues Microsoft over Russia's Rosneft-linked service suspension, cites ‘corporate overreach'
IT services giant Microsoft Corp has suspended services to Russian oil major Rosneft-backed Nayara Energy Ltd after the European Union's (EU) sanctions on Moscow. Following the suspension of Microsoft services, the Indian oil refinery company on Monday sued the US tech giant in the Delhi High Court. "Nayara Energy has initiated legal proceedings against Microsoft following the abrupt and unilateral suspension of critical services. Microsoft is currently restricting Nayara Energy's access to its own data, proprietary tools, and products - despite these being acquired under fully paid-up licences," the company said in a statement. "This decision, based solely on Microsoft's unilateral interpretation of recent European Union (EU) sanctions, sets a dangerous precedent for corporate overreach and raises serious concerns regarding its implications on India's energy ecosystem," Nayara added. Earlier this month, the EU imposed sanctions on Nayara as part of a new raft of measures against Russia over its war with Ukraine. Rosneft owns a 49.13 per cent stake in Nayara Energy, formerly known as Essar Oil Ltd. An investment consortium SPV, Kesani Enterprises Company, holds another 49.13 per cent stake in Nayara. Kesani is owned by Russia's United Capital Partners (UCP) and Hara Capital Sarl, a wholly owned subsidiary of Mareterra Group Holding (formerly Genera Group Holding S.p.A.). The Indian company owns and operates a 20 million tonnes a year oil refinery at Vadinar in Gujarat, as well as over 6,750 petrol pumps. Nayara, in its petition, has sought an interim injunction and resumption of Microsoft services to safeguard its rights and ensure continued access to essential digital infrastructure. "These steps are aimed at preventing any potential disruption to Nayara's ability to meet its obligations to Indian consumers and stakeholders," it said. The firm further said that while the sanctions originate exclusively from the EU, Microsoft, a US-headquartered corporation, decided to withdraw services from Nayara Energy without any legal requirement to do so under the US or Indian laws.
The Hindu
an hour ago
- The Hindu
India, Japan officials meet, discuss PM's visit, bullet train project
Ahead of Prime Minister Narendra Modi's visit to Japan next month, Foreign Secretary Vikram Misri met with visiting Japanese Vice-Minister Funakoshi Takehiro in Delhi on Monday (July 28, 2025) to discuss strengthening ties, upcoming projects and smoothing out supply chain issues. Both sides are understood to have discussed the latest developments in the Shinkansen Bullet train project to connect Ahmedabad (Sabarmati) and Mumbai, including Japan's decision, reported by the Japan Times earlier this year, to gift India two of its latest E-10 Shinkansen trains, which will be simultaneously introduced in Japan and India. According to the latest schedule revealed in a Parliament response by Railway Minister Ashwini Vaishnav last week, the Gujarat portion of the Mumbai-Ahmedabad High Speed Railway will be completed by December 2027, and the entire project, which was initially due to be done in 2022, is now expected to be completed by December 2029. During his visit to Delhi, Mr. Funakoshi also met with P.K. Mishra, Principal Secretary to the Prime Minister, to discuss Mr. Modi's travel plans. 'The dialogue was instrumental in reviewing progress in various dimensions of our ties, exploring new areas of collaboration and contributing to further deepening the bonds of friendship and cooperation between India and Japan,' said the Ministry of External Affairs in a statement, adding that Mr. Misri and Mr. Funakoshi discussed 'political ties, defence and security, economic security, trade and investment, infrastructure cooperation, technology and people-to-people exchanges' during talks at Hyderabad House. In addition, officials on both sides have been discussing problems with the shortage of critical minerals required for batteries and rare earth magnets for Battery Electric Vehicles produced by Japanese manufacturers due to export restrictions from China. According to sources, companies such as Suzuki and Toyota have been particularly affected, as they factor in the lower cost of Chinese materials required for EV cars manufactured in India. In the long term, the sources said that India and Japan are considering collaborations for the development of rare earth materials here and other third countries like Vietnam. India and Japan hold annual bilateral summits, a practice that was derailed in 2024 due to elections in both countries and conflicting schedules, and the visit has been put off a few times until now. While a date for Mr. Modi's visit to Japan is yet to be announced, it is expected to be held in the second half of August. He is also expected to travel to China for the Shanghai Cooperation Organisation (SCO) summit on August 31-September 1, although officials did not confirm whether the two visits would be combined or separate. 'With an eye on Prime Minister Modi's visit to Japan scheduled within this year, the two sides confirmed that Japan and India will strengthen bilateral relations in a wide range of areas such as security, economy and people-to-people exchanges,' a Japanese Ministry of Foreign Affairs statement said. 'They also confirmed that both countries will further cooperate with each other, including within the framework of Quad [Japan-Australia-India-U.S.] to realise a 'free and open Indo-Pacific', it added. Japanese Prime Minister Shigeru Ishiba is also expected to visit India for the Quad Summit, along with U.S. President Donald Trump and Australian Prime Minister Anthony Albanese, later this year, possibly in mid-November. 'During the dialogue, Foreign Secretary and his counterpart reaffirmed the growing importance of the India-Japan Special Strategic and Global Partnership for peace, prosperity and stability in the Indo-Pacific region and beyond,' the MEA statement said. (with inputs from Maitri Porecha)
