Chinese Regulators Suspend Partnership With Alibaba Cloud | Business and Economy

The Ministry of Industry and Information Technology said the company did not promptly report a cybersecurity vulnerability.

Chinese regulators have suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group, over accusations that it failed to report and promptly fix a cybersecurity vulnerability, according to reports. state-supported media.

According to the 21st Century Business Herald, Alibaba Cloud did not immediately report vulnerabilities in popular open source logging framework Apache Log4j2 to the Chinese telecommunications regulator, citing a recent notice from the Ministry of Industry and Information Technology ( MIIT).

In response, MIIT suspended a cooperative partnership with the cloud unit regarding cybersecurity threats and information sharing platforms, which will be reassessed in six months and relaunched based on internal company reforms, according to the company. ‘opinion.

The latest move on Wednesday underscores Beijing’s willingness to tighten control over key online infrastructure and data in the name of national security. The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.

The suspension highlights Beijing’s concern over a vulnerability that has sparked panic among businesses and governments around the world. Apache Log4j2 is a Java tool widely used in business systems and web applications.

“High risk vulnerability”

“This vulnerability can lead to remote control of the equipment, which can lead to serious damage such as the theft of sensitive information and the interruption of equipment services. It’s a high-risk vulnerability, ”the telecommunications regulator said in a statement last week.

Alibaba Cloud recently discovered a remote code execution vulnerability in the Apache Log4j2 component, advising the US Apache Software Foundation, the statement said.

MIIT said it then received a third-party report on the issue, rather than Alibaba Cloud.

Alibaba Cloud declined to comment on the suspension.

Comments are closed.