Microsoft limits access to its cybersecurity early warning system for Chinese companies

Microsoft reported Wednesday that it has restricted access by some Chinese companies to its cybersecurity vulnerability early warning system, following suspicions that Beijing was involved in a hacking campaign against its widely used SharePoint servers.

The new restrictions come after widespread hacking attempts last month against Microsoft’s SharePoint servers. Both Microsoft and other sources have blamed the Chinese government for at least some of those attacks, raising suspicions among cybersecurity experts about a possible leak within the Microsoft Active Protections Program (MAPP).

MAPP is a Microsoft program that disseminates information about cyber threats to security companies globally, including some in China, prior to public disclosure, enabling them to enhance their defenses against attacks.

Beijing has rejected any connection to the SharePoint hacks.

As reported earlier by Reuters, Microsoft informed members of the MAPP program about vulnerabilities in SharePoint on June 24, July 3, and July 7. After Microsoft announced that it identified the first attempts at exploitation on July 7, some experts deduced that a member of the MAPP program had probably misused the information, resulting in the abrupt surge of attacks.

Microsoft noted that it is aware that information shared with its partners could be exploited, adding:

“That’s why we take steps—both public and confidential—to prevent misuse. We continually review participants and suspend or remove them if we discover that they have violated their contract with us, which prohibits participation in offensive attacks.”

Microsoft did not disclose the status of its investigation into the hacks or provide details on which specific companies have been restricted.