
Microsoft probing if Chinese hackers learned SharePoint flaws via alert
What's the story
Microsoft is looking into whether a leak from its early alert system for cybersecurity firms allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, according to Bloomberg News. The company released a patch this month, but it didn't completely fix a critical vulnerability in the system. This paved the way for a widespread global cyber spying campaign.
Investigation underway
Investigation is focused on Microsoft Active Protections Program
In a recent blog post, Microsoft said two Chinese hacking groups, "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses. A third group from China is also involved. The investigation is focused on the Microsoft Active Protections Program (MAPP) and whether it contributed to the global exploitation of vulnerabilities in SharePoint software over the past few days.
Vulnerability exposure
Vulnerability first disclosed at Pwn2Own conference in Berlin
The SharePoint vulnerability was first demonstrated by a researcher from Vietnamese cybersecurity firm Viettel at the Pwn2Own conference in Berlin in May. The researcher, Dinh Ho Anh Khoa, was awarded $100,000 for ethically disclosing the software vulnerability. Microsoft issued an initial patch for this flaw in July after MAPP members were notified about it on June 24, July 3, and July 7.
Exploit attempts
Microsoft detected exploit attempts on July 7
Microsoft first detected exploit attempts on July 7, according to a blog post. Dustin Childs, head of threat awareness for Trend Micro's Zero Day Initiative, suggested that "the likeliest scenario is that someone in the MAPP program used that information to create the exploits." He also hinted at a possible link between these exploits and China-based vendors due to their origin.
Previous breach
Similar incident occurred over a decade ago
This isn't the first time a leak from MAPP has resulted in a security breach. Over a decade ago, Microsoft accused Hangzhou DPTech Technologies Co., Ltd., a Chinese firm, of violating its non-disclosure agreement (NDA) and expelled it from the program. In response to such incidents, Microsoft has emphasized that it takes NDA breaches very seriously and has strict agreements with its partners to prevent misuse of vulnerability information.