Microsoft has curtailed certain Chinese companies’ access to its early cybersecurity risk alerts after allegations surfaced that Beijing was connected to a major hacking campaign targeting the tech giant’s SharePoint servers.
The move comes after a wave of cyberattacks last month on Microsoft’s widely used SharePoint platform. While Beijing has denied any involvement, some cybersecurity specialists suspect that a leak from Microsoft’s Active Protections Program (MAPP)—a collaborative network that provides security firms, including those in China, with advance notice of vulnerabilities—may have fueled the attacks.
Microsoft previously notified MAPP participants about the SharePoint flaws ahead of the wider public, a strategy designed to give security professionals a defensive head start.
On July 7, Microsoft observed the first signs of the vulnerabilities being exploited, shortly after sharing details with its partners. Experts say this timing raises the possibility that a MAPP participant may have inappropriately used the privileged data.
In response, Microsoft announced it will no longer distribute “proof of concept code”—snippets that demonstrate how a vulnerability can be exploited—to some Chinese security companies. Though such code assists in shoring up defences, it also gives malicious actors a blueprint for cyber intrusions.
Microsoft said that it was aware that providing this information carries risks, and the company has implemented measures—both transparent and confidential—to guard against misuse. The company also noted it routinely reviews and removes MAPP participants found in violation of its terms, which ban involvement in offensive cyber operations.