China Halts Alibaba Cybersecurity Cooperation for Slow Reporting of Threat, State Media Says
SINGAPORE—Chinese authorities suspended a cybersecurity partnership with the cloud-computing unit of
Alibaba Group Holding Ltd.
BABA -3.78%
over delays in reporting a global software vulnerability that is roiling governments and companies world-wide, state media reported.
China’s ministry in charge of technology said its cybersecurity threat and information platform would be stopping its cooperation with Alibaba Cloud for six months, as the company had failed to report the Log4j2 flaw to relevant authorities in a timely manner, the state-run China Daily reported on Wednesday, citing unnamed ministry officials. Alibaba declined to comment.
The flaw in Apache Log4j software, a free bit of code that logs activity in computer networks and applications, was made public this month and is being exploited by hackers in an attempt to gain access to retail and government sites, among others. In the U.S., officials said hundreds of millions of devices were at risk and issued an emergency directive ordering federal agencies to take steps to mitigate the threat by Christmas Eve.
Distributed free by the nonprofit Apache Software Foundation, Log4j has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications.
Technology suppliers such as
International Business Machines Corp.
and
VMware Inc.
have said they are deploying patches for the flaw, while
Amazon.com Inc.
and
Microsoft Corp.
have said they are monitoring the issue.
Alibaba is part of a national cybersecurity-threat database, which requires members to promptly report information about such glitches, according to the China Daily report. The Hangzhou-based company’s failure to report the issue quickly hindered efforts by the Ministry of Industry and Information Technology to handle the threat effectively, the report said.
The ministry, also known as MIIT, said it would reassess Alibaba’s corrective measures before resuming its current partnership, the paper wrote. MIIT didn’t respond to a faxed request for comment sent after office hours.
The MIIT released a statement on its website on Friday about the software flaw, adding that it had received reports of the Log4j vulnerability eight days earlier and called in cybersecurity experts, including those from Alibaba Cloud, to assess the cybersecurity threat. In the statement, the ministry said the Log4j flaw was a high-risk vulnerability, that it could lead to equipment being controlled remotely and could result in sensitive information being stolen.
MIIT added that Alibaba Cloud had discovered the Log4j vulnerability and had informed the Apache Foundation about its existence.
Alibaba, the first Chinese technology provider to make a foray into cloud computing, is China’s largest cloud provider and had 34% of the country’s market in the second quarter of the year, according to researcher Canalys.
In the European Union, cybersecurity response teams for member countries are closely watching Log4j developments, while Belgium’s Defense Ministry said it had shut down parts of its computer network because of cyberattacks linked to the vulnerability.
—Rachel Liang and Zhao Yueling contributed to this article.
Write to Liza Lin at [email protected]
Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
