Microsoft said on Wednesday that it is scaling back some Chinese companies’ access to its early warning system for cybersecurity vulnerabilities. The move follows speculation that Beijing was involved in the hacking of the company’s widely used SharePoint servers.
The hacking raised suspicions among cybersecurity experts that there was a leak in the Microsoft Active Protections Program (MAPP), which Microsoft uses to help security vendors worldwide, including in China, learn about cyber threats in order to defend themselves against hackers. Beijing has denied its involvement.
Microsoft said in a statement that several Chinese firms would no longer receive “proof of concept code,” which mimics the operation of genuine malicious software. While proof of concept code can help cybersecurity professionals, it can also be repurposed by hackers.
Microsoft said it was aware that the information it provided its partners could be exploited, “which is why we take steps – both known and confidential – to prevent misuse.” The tech giant also added, “we continuously review participants and suspend or remove them if we find they violated their contract with us which includes a prohibition on participating in offensive attacks.”
Microsoft’s SharePoint was compromised last month, when a global cyberattack exploited a previously unknown “zero-day” vulnerability in its on-premises servers. Cybersecurity firm Sophos reported, in findings verified by Reuters, that attackers used the same payload across all targeted servers, highlighting a coordinated effort likely managed by one actor. There are more than 8,000 susceptible servers around the world, including those belonging to industrial companies, banks, healthcare providers, and both state and international governments. Thousands of businesses, government agencies, and other organizations were rendered vulnerable due to the attack.
Microsoft later stated that Chinese state-sponsored hackers were responsible for the attack. Reports later revealed that support for SharePoint is handled by a China-based engineering team, which has been maintaining the software for years — a fact Microsoft neglected to mention.
A ProPublica report revealed Microsoft’s use of a Chinese team for maintaining SharePoint after it viewed screenshots of Microsoft’s internal work-tracking system that showed China-based employees recently fixing bugs for SharePoint “OnPrem,” the version of the software involved in last month’s attacks. The term, short for “on premises,” refers to software installed and run on customers’ own computers and servers.
Microsoft said the China-based team “is supervised by a U.S.-based engineer and subject to all security requirements and manager code review. Work is already underway to shift this work to another location.”

