Microsoft SharePoint Hack: Probe on Whether Chinese Hackers Found Flaw via Alert

A potential cybersecurity breach at Microsoft is under scrutiny. Whispers suggest Chinese hackers may have leveraged leaked information from Microsoft’s early warning system to target vulnerabilities in SharePoint. The question: did privileged access that was meant to protect instead expose, allowing attackers to slip through the net before the security patches could be deployed? The investigation is ongoing.

A tech giant is investigating whether a program intended to fortify its cybersecurity defenses backfired spectacularly, potentially triggering a global wave of SharePoint vulnerability exploits in recent days. Insiders familiar with the inquiry, who spoke on condition of anonymity, are exploring the possibility that the very system designed to preemptively address security flaws inadvertently opened the floodgates to widespread attacks.

“Microsoft is committed to bolstering its defenses,” a company spokesperson declared. “We’re dissecting this incident to extract every possible lesson, ensuring enhanced protection not just here, but across our entire partner ecosystem. These programs are vital to our security strategy, and we’re doubling down on their resilience.”

Accusations of state-sponsored hacking? China’s embassy fires back, citing Foreign Affairs Ministry Spokesman Guo Jiakun’s firm stance: “Cybersecurity is a shared global burden, demanding collaborative solutions through open dialogue.” Guo minced no words, declaring China’s legal opposition to hacking while simultaneously condemning what he called thinly veiled, cybersecurity-based attacks and smears directed against the nation.

A shadowy alliance between Chinese state-sponsored hackers and seemingly legitimate cybersecurity firms may be exploiting a Microsoft program meant to protect users. Microsoft is pointing fingers at Beijing, alleging that SharePoint breaches are the work of government-backed actors. The alleged scheme involves at least a dozen Chinese companies enrolled in Microsoft’s Active Protections Program (MAPP). This 17-year-old initiative grants members early access – a 24-hour head start – to vital vulnerability patches before public release. The catch? MAPP members, vetted as cybersecurity vendors, must swear off developing offensive tools, including penetration testing software, and sign a strict non-disclosure agreement. The question now is whether that trust has been broken, creating a backdoor for malicious actors to weaponize advance knowledge of Microsoft’s vulnerabilities.

A subset of more highly vetted members receives notification of an incoming patch five days earlier, according to Microsoft’s MAPP website.

Microsoft’s early warning system, the Microsoft Active Protections Program (MAPP), may have sprung a leak, potentially exposing critical vulnerability data before patches could be deployed. Dustin Childs, threat awareness czar at Trend Micro’s Zero Day Initiative, confirmed MAPP members were briefed on the SharePoint flaws exploited in recent attacks. “These two bugs were in the MAPP release,” Childs stated, acknowledging the unsettling possibility. The implication is clear: privileged pre-release information may have fallen into the wrong hands. While reaffirming MAPP’s overall value, Childs conceded that such a breach poses a significant threat to the program’s integrity and future.

A digital siege is underway. Over 400 government agencies and corporations across the globe are under attack, including a chilling target: the US National Nuclear Security Administration, the very guardians of America’s nuclear arsenal. Microsoft points the finger at Chinese government-backed hacking groups, Linen Typhoon, Violet Typhoon, and Storm-2603, for at least some of these incursions. Beijing denies involvement, decrying “smearing others without solid evidence,” but the scale and sensitivity of the targets paint a disturbing picture of escalating cyber warfare.

At Berlin’s Pwn2Own hacking competition, Dinh Ho Anh Khoa, a cybersecurity researcher from Vietnam’s Viettel, didn’t just attend – he conquered. In a dramatic live demonstration, Khoa exposed previously unknown vulnerabilities within SharePoint, leaving the audience breathless. Forget polite applause; this was hacking gladiatorial combat. The spoils? A hefty $100,000 prize. But the real win came afterward. Behind closed doors, Khoa, Childs (the event organizer), and a Microsoft representative dissected the exploit. Khoa’s detailed white paper became Microsoft’s urgent to-do list, kicking off a rapid-response mission to patch the holes Khoa had so expertly revealed.

Microsoft raced against the clock, scrambling for 60 days to seal a critical security flaw. But just as the cavalry arrived – the official patch released July 8th – cyberattackers launched a preemptive strike, targeting vulnerable SharePoint servers the day before, according to cybersecurity experts.

Childs suggests hackers might have independently stumbled upon and exploited the vulnerabilities the very day Microsoft disclosed them to MAPP members, but calls this scenario a staggering coincidence. The far more plausible explanation? Someone leaked the intel directly to the attackers.

A whisper of an upcoming patch has escaped, a potentially catastrophic security breach. “It’s a nightmare scenario, and sadly, not unprecedented,” warns Jim Walter, senior threat researcher at SentinelOne.

For over a decade, Microsoft’s MAPP program has been battling a persistent shadow: leaks. The earliest major incident traces back to 2012, when Microsoft directly accused Chinese network security firm Hangzhou DPtech Technologies Co. of betraying their trust. The alleged offense? Exposing a severe Windows vulnerability through prematurely disclosed information. The consequences were swift. Hangzhou DPtech was banished from the MAPP alliance, and Microsoft, stung by the breach, vowed to reinforce its defenses, promising tightened security protocols to safeguard sensitive data from future betrayal.

2021: Microsoft’s defenses crumbled. Not from a sophisticated zero-day, but from trusted partners. Two Chinese members of Microsoft’s own security program were suspected of betraying the company, whispering secrets about Exchange server vulnerabilities. The result? A global hacking inferno ignited by a Chinese espionage group, Hafnium. Tens of thousands of servers worldwide went up in flames, from the European Banking Authority to the Norwegian Parliament. It was a digital Pearl Harbor for Microsoft, a breach etched in infamy.

Bloomberg reported the company contemplated overhauling its MAPP program after the 2021 breach. Whether these revisions ever materialized, or if the source of the leak was ever identified, remains shrouded in secrecy.

China’s cybersecurity landscape took a sharp turn in 2021. A new law demands immediate disclosure: any security flaw discovered, whether by a tech giant or an independent researcher, must be reported to the Ministry of Industry and Information Technology within 48 hours. But here’s the twist: some companies still collaborating in Microsoft’s MAPP program, like Beijing CyberKunlun Technology, are also participants in the China National Vulnerability Database – a program run by the Ministry of State Security. The Atlantic Council report unveils this intricate web, raising questions about data flow and potential state influence in global vulnerability management.

The digital world is walking a tightrope. Chinese tech firms, privy to Microsoft’s vulnerability intel, face a daunting balancing act: safeguarding global systems versus Beijing’s demands. ETH Zurich’s Eugenio Benincasa warns that this tightrope is shrouded in secrecy. Benincasa notes, “We know that some of these companies collaborate with state security agencies and that the vulnerability management system is highly centralized.” The question remains: are firewalls truly secure when the keys might be shared? Benincasa’s call is clear: it’s time to pull back the curtain and scrutinize this potential chink in the armor of global cybersecurity.

© 2025 Bloomberg LP
