Microsoft Investigates Possible Leak in Early Cybersecurity Alert System

Microsoft Corp. is investigating whether Chinese hackers exploited vulnerabilities in SharePoint software using information leaked from its early cybersecurity alert program designed to help partners prepare defenses.

The probe focuses on the Microsoft Active Protections Program (MAPP), which gives vetted cybersecurity partners early access to vulnerability information before public disclosure. Chinese state-sponsored groups allegedly used this head start to attack over 400 organizations worldwide, including the U.S. National Nuclear Security Administration, launching attacks just one day before Microsoft's official patch release on July 7.

• Chinese hacking groups Linen Typhoon, Violet Typhoon, and Storm-2603 are blamed for the SharePoint breaches affecting critical infrastructure
• The vulnerabilities were first demonstrated at May's Pwn2Own security conference by Vietnamese researcher Dinh Ho Anh Khoa
• Previous incidents in 2012 and 2021 involved Chinese MAPP partners leaking vulnerability information, raising concerns about program integrity
• Some Chinese cybersecurity firms in MAPP also participate in China's government-run vulnerability database overseen by the Ministry of State Security