
Microsoft has cut off early-warning access for various Chinese firms after suspecting that a recent information leak was used to stage a large-scale hacking campaign. The move downgrades their privileges in the Microsoft Active Protections Program (MAPP), through which Microsoft shares information about software vulnerabilities with security vendors.
According to Reuters, the downgrade came after several attacks on servers running Microsoft SharePoint. Cyber experts and insider sources have claimed some of these attacks are related to Beijing.
The main change concerns the sharing of proof-of-concept code with specific Chinese companies. This code is designed to imitate malware, allowing Microsoft cybersecurity experts to develop defenses before the actual threat occurs.
Such code can be highly dangerous if it falls into the hands of hackers, "which is why we take steps - both known and confidential - to prevent misuse. We continuously review participants and suspend or remove them if we find they violated their contract with us, which includes a prohibition on participating in offensive attacks," a Microsoft insider has reportedly revealed. However, Beijing has denied involvement in any SharePoint-related hacking.
According to Reuters, the tech leader informed MAPP members about the SharePoint vulnerabilities on 24th June, 3rd July, and 7th July.
By withholding early vulnerability information from Chinese firms, the tech giant aims to reduce the risk that leaks might accelerate cyberattacks. Compared to earlier arrangements, this allows for more stringent control of sensitive cybersecurity information, underscoring the balance between sharing such information and protecting it. Misuse of proof-of-concept code has always put defenders at risk. This step signals that Microsoft is adapting to changing threats by reconsidering its trust in partners.
On a broader scale, the restriction indicates that cybersecurity collaboration is becoming increasingly selective. With hackers targeting a platform as widely used as SharePoint, technology companies have now moved to prioritize prevention over openness.
This barrier may set a precedent for how international tech companies collaborate on sensitive issues during geopolitical tensions, especially regarding allegations of state-backed cyberattacks.