- Microsoft will no longer send proof-of-concept threat code to Chinese companies
- The alerts are part of the MAPP vulnerability alert system
- Many believe that the Chinese government was involved in the recent SharePoint attack
Access to Microsoft’s early cybersecurity warning system has been reduced for some companies following a campaign of attacks that used vulnerabilities in the company’s SharePoint platform to target as many as 400 organizations.
Microsoft has limited access for Chinese companies on suspicion that Beijing was involved in the attacks, with many believing there was a leak in the Microsoft Active Protections Program (MAPP), the system Microsoft uses to warn security companies of threats so they can prevent hacks and proactively defend against attackers.
These vulnerabilities have now been patched, but they were previously observed in the wild being used to deploy ransomware. The flaw allowed attackers to extract cryptographic keys from Microsoft clients’ servers, which in turn allowed them to install programs on the server, including backdoors or malware.
In the wrong hands
Experts believe that the most likely cause of the explosion of SharePoint attacks was a rogue member of the MAPP program, and as such Microsoft will no longer send ‘proof of concept code’ to Chinese companies.
Proof-of-concept code is a demonstration of a concept that helps security teams prepare for an attack by adapting their systems.
TechRadar Pro has reached out to Microsoft to ask for any updates on its investigation, but the company has so far not offered a comment.
On the other hand, if threat actors are warned about the defenders’ plans, they get a head start and can develop their tactics.
Microsoft recognized the possibility of attackers exploiting the alert system: “That’s why we take steps – both known and confidential – to prevent abuse.”
“We continuously review participants and suspend or remove them if we find out that they violated their contract with us, which includes a ban on participating in offensive attacks,” the company confirmed.
Via Pakinomist



