A branch of the technology company Microsoft can be seen in Manhattan.
Sven Hoppe | Picture Alliance | Getty Images
Microsoft said on Wednesday it has scaled back some Chinese companies’ access to its early warning system for cybersecurity vulnerabilities following speculation that Beijing was involved in a hacking campaign against the company’s widely used SharePoint servers.
The new restrictions come in the wake of last month’s sweeping hacking attempts against Microsoft SharePoint servers, at least some of which Microsoft and others have blamed on Beijing. That raised suspicions among several cybersecurity experts that there was a leak in the Microsoft Active Protections Program (MAPP), which Microsoft uses to help security vendors worldwide, including in China, to learn about cyber threats before the general public so they can better defend against hackers.
Beijing has denied involvement in any SharePoint hacking.
Microsoft notified members of the MAPP program of the SharePoint vulnerabilities on June 24, July 3 and July 7, Reuters has previously reported. Because Microsoft said it first observed exploitation attempts on July 7, the timing led some experts to allege that the likeliest scenario for the sudden explosion in hacking attempts was because a rogue member of the MAPP program misused the information.
In a statement, Microsoft said several Chinese firms would no longer receive “proof of concept code,” which mimics the operation of genuine malicious software. Proof of concept code can help cybersecurity professionals seeking to harden their systems in a hurry, but it can also be repurposed by hackers to get a jump start on the defenders.
Microsoft said it was aware that the information it provided its partners could be exploited, “which is why we take steps – both known and confidential – to prevent misuse. We continuously review participants and suspend or remove them if we find they violated their contract with us which includes a prohibition on participating in offensive attacks.”
Microsoft declined to disclose the status of its investigation of the hacking or go into specifics about which companies had been restricted.
