fbpx

Type to search

Cyber Security

Chinese Ministry Axes Alibaba Cloud Deal Over Late Bug Report

December 22, 2021

MIIT said it received a report from a third party about the issue, prompting officials to suspend a cooperative partnership


Jeff Zhang, Alibaba's chief technology officer, holds a new self-developed AI chip at the 2019 Alibaba Cloud Computing Conference in Hangzhou. Photo: Reuters.

 

Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group, over accusations it failed to promptly report and address a cybersecurity vulnerability, according to state-backed media reports.

Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China’s telecommunications regulator, citing a recent notice by the Ministry of Industry and Information Technology (MIIT).

Alibaba Cloud recently discovered a remote code execution vulnerability in the Apache Log4j2 component, notifying the US-based Apache Software Foundation, according to the statement.

An employee, Chen Zhaojun, emailed the open-source software’s volunteer development team Apache Software Foundation, to report the bug, which threatened the security of millions of computers. Experts around the world’s hailed Chen’s initiative.

“Mad props to Chen Zhaojun of Alibaba Cloud Security for responsibly disclosing the #log4j vulnerability in private directly to the log4j developers, so that a patch to log4j was released by December 6, several days before the vulnerability went public,” said Talia Ringer, an assistant professor of computer science at the University of Illinois Urbana-Champaign.

However, MIIT said it received a report from a third party about the issue, rather than from Alibaba Cloud.

Cybersecurity Threats

That prompted MIIT to suspend a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms.

The partnership would be reassessed in six months and revived depending on the company’s internal reforms, the notice said.

This latest measure highlights Beijing’s desire to strengthen control over key online infrastructure and data in the name of national security.

The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.

The suspension highlights Beijing’s concern at a vulnerability that has triggered a wave of panic among corporations and governments around the world.

Alibaba Cloud declined to comment on the suspension.

 

  • Reuters, with George Russell

 


 

READ MORE:

Crypto Platform Poly Network Rewards Hacker with Big ‘Bug Bounty’

Tesla Pulls Full Self-Driving Beta Due To Software Issues

Fake bullion scam highlights bitcoin’s benefits

 

 

George Russell

George Russell is a freelance writer and editor based in Hong Kong who has lived in Asia since 1996. His work has been published in the Financial Times, The Wall Street Journal, Bloomberg, New York Post, Variety, Forbes and the South China Morning Post.

You Might also Like

TSMC to Cut Off All Chinese AI Clients From Its Advanced Chips
TSMC to Cut Off All Chinese AI Clients From Its Advanced Chips
World Underestimates Climate Breakdown Risks: Guterres - G'dian
World Underestimates Climate Breakdown Risks: Guterres - G'dian
China Backs $1.4 Trln For Local Government Debt Swaps
China Backs $1.4 Trln For Local Government Debt Swaps
China 'More Vulnerable to Trump Tariffs' After Slowdown
China 'More Vulnerable to Trump Tariffs' After Slowdown
logo

Cyber Security

Meta Hit With $15m Fine From South Korean Data Watchdog
Meta Hit With $15m Fine From South Korean Data Watchdog
Jim Pollard 05 Nov 2024
  • Popular News
ABOUT AF
RESOURCES
LEGAL + PRIVACY
DISCLAIMER

Asia Financial is owned by Capital Link International Holdings Ltd, 902, Wilson House 19-27 Wyndham Street, Central, Hong Kong. www.capitallinkintl.com