Microsoft probes suspected leak from cybersecurity partner program

Source Cryptopolitan

Microsoft is probing whether a leak from its Microsoft Active Protections Program (MAPP)—an early warning system for cybersecurity partners—may have enabled Chinese hackers to exploit unpatched vulnerabilities in its SharePoint server software.

The tech firm’s latest patch failed to fully resolve a critical flaw, exposing the tech giant’s systems to a sophisticated global cyber espionage campaign.

In a blog post on Tuesday, Microsoft said the exploitation is being carried out by two Chinese state-affiliated groups, Linen Typhoon and Violet Typhoon, alongside a third group, also believed to be based in China.

Microsoft probes suspected leak from cybersecurity partner program

The company is now investigating whether details from its MAPP program—shared with partners ahead of public patch releases—may have been leaked, accelerating the spread of these attacks.

Microsoft confirmed that it “continually evaluates the efficacy and security of all of our partner programs and makes the necessary improvements as needed.”

The SharePoint vulnerability first came to light in May when Vietnamese security researcher Dinh Ho Anh Khoa demonstrated it at the Pwn2Own cybersecurity conference in Berlin, organized by Trend Micro’s Zero Day Initiative. Khoa was awarded $100,000, and Microsoft issued an initial patch in July.

However, Dustin Childs, head of threat awareness at Trend Micro, said that MAPP partners had been informed of the vulnerability across three waves—June 24, July 3, and July 7. Coincidentally, Microsoft noted the first exploit attempts began on July 7.

Childs suggested the most likely scenario is that “someone in the MAPP program used that information to create the exploits.” While he didn’t name any vendor, he noted the exploit attempts originated mostly from China, making it “reasonable to speculate” the leak came from a company in that region.

Chinese state-backed hackers exploit unpatched SharePoint vulnerability

This is not the first time Microsoft has dealt with this kind of MAPP-related leak. A decade ago, the firm jettisoned China-headquartered Hangzhou DPTech Technologies Co., Ltd., for violating its nondisclosure agreement. Microsoft admitted at the time that there were risks and understood that vulnerable data could be abused.

The MAPP program, which debuted in 2008, was intended to provide security vendors with advance notice of the technical details of vulnerabilities — and, on occasion, sample proof-of-concept code — so they could better protect their customers. A leaked breach now would fly directly in the face of the program’s mission—empowering defenders, not attackers.

Microsoft has not disclosed whether it has identified the source of the leak, but emphasized that any NDA breach would be taken seriously.

Past breaches resurface as Microsoft reconsiders MAPP program integrity

In 2021, Microsoft suspected at least two other Chinese MAPP partners of leaking information about vulnerabilities in its Exchange servers. This led to a global hacking campaign that Microsoft attributed to a Chinese espionage group called Hafnium. It was one of the firm’s worst breaches ever—tens of thousands of exchange servers were hacked, including at the European Banking Authority and the Norwegian Parliament.

After the 2021 incident, the company considered revising the MAPP program. But it did not disclose whether any changes were ultimately made, or whether any leaks were discovered.

Under a 2021 Chinese law, companies and security researchers must report newly discovered vulnerabilities to the Ministry of Industry and Information Technology within 48 hours, according to a report by the Atlantic Council. Some Chinese firms still involved in MAPP, such as Beijing CyberKunlun Technology Co Ltd., also participate in the China National Vulnerability Database—run by the Ministry of State Security—raising further concerns about dual reporting obligations.

Eugenio Benincasa, a researcher at ETH Zurich’s Center for Security Studies, points to the lack of transparency in how Chinese companies reconcile Microsoft’s confidentiality rules with state reporting mandates. “We know some of these firms work with security agencies, and China’s vulnerability management is highly centralized,” he said. “This is an area that clearly needs more scrutiny.”

Your crypto news deserves attention - KEY Difference Wire puts you on 250+ top sites

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Gold Price Trend Forecast: June CPI Plus Fed Chair Congressional Testimony, Can Gold Price Hold Above $4,000?As of the Asian session on July 14, gold ( XAUUSD) prices consolidated around the $4,000 mark, briefly slipping below $4,000 intraday to hit a low of $3,983.23. Looking at the market acti
Author  TradingKey
10 hours ago
As of the Asian session on July 14, gold ( XAUUSD) prices consolidated around the $4,000 mark, briefly slipping below $4,000 intraday to hit a low of $3,983.23. Looking at the market acti
placeholder
WTI spikes amid escalating Middle East TensionsWest Texas Intermediate (WTI) oil price extends its gains for the second successive day, trading around $79.60 per barrel during the Asian hours on Tuesday. Crude oil prices rise due to mounting supply anxieties following a sharp escalation of geopolitical hostilities in the Middle East.
Author  FXStreet
16 hours ago
West Texas Intermediate (WTI) oil price extends its gains for the second successive day, trading around $79.60 per barrel during the Asian hours on Tuesday. Crude oil prices rise due to mounting supply anxieties following a sharp escalation of geopolitical hostilities in the Middle East.
placeholder
US June CPI Preview: Can Cooling Inflation Open Up Fed Rate Cut Expectations? How Will US Stocks, the Dollar, and Gold React?The United States will release June Consumer Price Index (CPI) data this Tuesday, which is one of the most critical macroeconomic events in global financial markets this week. As US infla
Author  TradingKey
Yesterday 10: 21
The United States will release June Consumer Price Index (CPI) data this Tuesday, which is one of the most critical macroeconomic events in global financial markets this week. As US infla
placeholder
WTI Crude Oil Price Forecast: US-Iran Conflict Escalates, Oil Price Rally Targets $80As of the early Asian trading session on July 13, WTI crude oil ( USOIL) prices surged. Affected by the escalation of the US-Iran conflict over the weekend, the market has re-incorporated
Author  TradingKey
Yesterday 07: 10
As of the early Asian trading session on July 13, WTI crude oil ( USOIL) prices surged. Affected by the escalation of the US-Iran conflict over the weekend, the market has re-incorporated
placeholder
Gold slides back closer to $4,050 as Iran risks and Fed hike bets boost USDGold (XAU/USD) opens with a modest bearish gap at the start of a new week and slides back closer to the $4,050 level during the Asian session.
Author  FXStreet
Yesterday 07: 04
Gold (XAU/USD) opens with a modest bearish gap at the start of a new week and slides back closer to the $4,050 level during the Asian session.
goTop
quote