The ministry of information technology in China has opted to pull back from its collaboration with Alibaba temporarily. The ministry deals with industry and issues involving IT and has collaborated with Alibaba in the past. However, the ministry issued a statement that stated that they will be pulling back from the partnership for a while.
Alibaba Cloud is an intelligence firm that deals with cyber threats. Based on reports in the media, the actions taken against it are due to a lack of proper issuing of information. The Chinese government says that they were not the first to be informed by the firm when the vulnerability Log4Shell was discovered.
Log4j has several vulnerabilities which the malware Log4Shell targets. The creators of Log4j were notified by Alibaba’s security team concerning the threat, towards the end of November. Part of their information to the developers included information concerning the vulnerabilities which are mostly known as Log4Shell and LogJam. Log4j is a logging utility, with a wide user base.
The official tracking identity of the malware is CVE-2021-44228. There are many ways in which malware can be used and exploited. It can even be used to gain full control of any vulnerable systems. Before the officially released report was issued on 6th December, several groups and individuals alike had already taken advantage of the malware, using it to control systems with vulnerabilities. From cybercriminals to threat groups, many minds with evil intent got to work and took advantage of several vulnerable systems.
Alibaba issued a report through its own, South China Morning Post, stating the government’s displeasure. The issue arose when the intelligence firm failed to inform the government first about the situation. This resulted in a six-month suspension whereby all collaboration with the cloud-based firm will cease. At the end of the duration of the suspension, the government is to make another assessment and issue a report which will determine whether the partnership with Alibaba Cloud will resume or not. The report also cited other local media reports which stated that the suspension could have some negative impacts on Alibaba’s business opportunities in the future.
The Chinese government passed a law that requires all its citizens to pass any information they find on zero-day vulnerabilities to the government. The law which was passed this year, states that any security flaws may be disclosed to the vendors who are directly affected. However, this information may not be sold or issued to third parties outside the country.
The publication also went ahead to clear up the stipulated government regulations and requirements. One such regulation is that Chinese companies have the obligation of informing the government about any vulnerabilities they find in their software. As of other vendors, they are simply encouraged to report the flaws, malware, and other vulnerabilities found in their products.
The giant tech company was approached by the SecurityWeek team for further information. As soon as Alibaba gives any new comment or issues any new information, this article will be updated.
Peculiar trends and patterns have been noticed since the exploitation attacks began. The majority of the cybercriminals and threat actors are believed to be government-sponsored. Many are believed to be sponsored by the Chinese government.
Log4Shell can exploit all sorts of people or even institutions. There were confirmed reports issued recently concerning a breach in the Belgian military database systems. This makes it the first governmental department that has admitted to being attacked and affected by the Log4Shell malware.
The Department of Cyber Security and Infrastructure Security Agency (CISA) in the US issued an emergency directive. The order was directed to different federal agencies. The instructions were to mitigate the vulnerabilities by December, 23rd. This follows the spike in the exploitation of the malware when the information was publicly disclosed.
There has also been a spike in Log4j vulnerabilities. The latest vulnerability discovered is a high-severity denial-of-service flaw. It was dispatched recently in a 2.17.0 version release.
Source : HackerCombat