This website collects cookies to deliver better user experience. Cookie Policy
Accept
Sign In
The Wall Street Publication
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Reading: After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay
Share
The Wall Street PublicationThe Wall Street Publication
Font ResizerAa
Search
  • Home
  • Trending
  • U.S
  • World
  • Politics
  • Business
    • Business
    • Economy
    • Real Estate
    • Markets
    • Personal Finance
  • Tech
  • Lifestyle
    • Lifestyle
    • Style
    • Arts
  • Health
  • Sports
  • Entertainment
Have an existing account? Sign In
Follow US
© 2024 The Wall Street Publication. All Rights Reserved.
The Wall Street Publication > Blog > Tech > After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay
Tech

After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay

Editorial Board Published December 22, 2021
Share
After Alibaba Spotted Global Software Flaw, Beijing Complains of Delay
SHARE

This week, the company found itself in hot water in China for what officials said was its failure to report the Log4j2 software flaw to Beijing in a timely fashion. The Chinese ministry in charge of technology suspended a cybersecurity partnership with Alibaba’s cloud-computing unit over the matter, Chinese state media reported.

Contents
Newsletter Sign-upWSJ Pro Cybersecurity

Newsletter Sign-up

WSJ Pro Cybersecurity

Cybersecurity news, analysis and insights from WSJ’s global team of reporters and editors.


The flaw in Apache Log4j software, a free bit of code that logs activity in computer networks and applications, was made public this month, and it is being exploited by hackers in an attempt to gain access to corporate and government systems. In the U.S., officials said hundreds of millions of devices were at risk and issued an emergency directive ordering federal agencies to take steps to mitigate the threat by Christmas Eve.

Distributed by the nonprofit Apache Software Foundation, Log4j is among the most widely used tools to collect information across corporate computer networks, websites and applications.

Researcher Chen Zhaojun of Alibaba Cloud, a subsidiary of the Hangzhou-based e-commerce company, first reported the vulnerability, a spokeswoman for the Apache Software Foundation said. Mr. Chen is a staffer on Alibaba Cloud’s security team, according to an online Apache logging services security report.

Cybersecurity experts say the general etiquette for researchers who find software flaws is to privately report the vulnerabilities to developers who can issue fixes. Making software flaws or updates public before such patches are in place can set off a race among hackers to take advantage of such issues.

Alibaba declined to comment on Beijing’s allegation of a reporting delay and Mr. Chen’s involvement.

Mr. Chen had called the foundation’s attention to the flaw on Nov. 24, and within a day, Apache—which is run by a team of volunteers—had accepted his report and started researching a fix, the software group said. Apache communicated with Mr. Chen several times over the next two weeks, discussing a possible fix, it said.

By Dec. 9, when Apache was nearly ready to release a patch, Mr. Chen alerted the foundation that users on Chinese chat forums were discussing the flaw, raising the possibility that hackers could already be trying to exploit it, said Gary Gregory, one of the nonprofit’s volunteer developers.

“The timing there was unfortunate,” Mr. Gregory said.

On Wednesday, China’s Ministry of Industry and Information Technology, also known as MIIT, said its cybersecurity threat and information platform would be stopping its cooperation with Alibaba Cloud for six months over the alleged failure by the company to highlight the vulnerability in a timely fashion, the state-run China Daily reported, citing unnamed ministry officials.

Alibaba Cloud is part of a national cybersecurity-threat platform that requires members to promptly report information about such glitches, the report said. Alibaba’s failure to report the Log4j2 flaw to the relevant authorities in a timely manner hindered efforts by China’s MIIT to handle the threat effectively, China Daily reported.

The ministry said it would reassess Alibaba’s corrective measures before resuming its current partnership, China Daily added. MIIT didn’t respond to a faxed request for comment sent after office hours.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

Alibaba has faced a number of regulatory headwinds over the past year as Beijing has tightened its control over China’s most influential internet companies. The technology juggernaut was hit with a record $2.8 billion fine for antitrust violations in April and its financial affiliate Ant Group has been forced to restructure according to regulations laid out by China’s central bank.

MIIT said Friday on its website that Alibaba Cloud had recently discovered the Log4j vulnerability and had informed the Apache Foundation about its existence. The statement added that the ministry was informed of the vulnerability through its cybersecurity-threat platform on Dec. 9. It didn’t make clear who filed the reports.

The ministry said it immediately called in cybersecurity experts, including those from Alibaba Cloud, to assess the cybersecurity threat. In the statement, the ministry said the Log4j flaw was a high-risk vulnerability that could lead to equipment being controlled remotely and sensitive information being stolen.

The vulnerability allows hackers to remotely execute code on a target computer to potentially take over devices, install ransomware or create back doors for future attacks. Cybersecurity researchers say they have already observed hackers linked to governments in several countries attempting to exploit the flaw. China was among the countries mentioned, as were Iran, Turkey and North Korea.

A spokesman for the Chinese Embassy in Washington said last week that Beijing opposes cyberattacks of any kind.

Since the flaw’s discovery was made public, technology suppliers such as International Business Machines Corp. and VMware Inc. have said they are deploying patches for software that contains the flaw, while Amazon.com Inc. and Microsoft Corp. have said they are monitoring the issue.

In the European Union, cybersecurity response teams for member countries are closely watching Log4j developments. Belgium’s Defense Ministry said it had shut down parts of its computer network because of cyberattacks linked to the vulnerability.

A top U.S. cybersecurity official described the vulnerability as the worst she had ever seen.

Alibaba, the first Chinese technology provider to make a foray into cloud computing, is China’s largest cloud provider and had 34% of the country’s market in the second quarter of the year, according to researcher Canalys.

—Rachel Liang and Zhao Yueling contributed to this article.

Write to Liza Lin at [email protected] and David Uberti at [email protected]

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

TAGGED:Tech NewsWall Street Publication
Share This Article
Twitter Email Copy Link Print
Previous Article China bans independent religious groups from nation’s internet, outlaws foreign operators China bans independent religious groups from nation’s internet, outlaws foreign operators
Next Article China Evergrande Says State-Backed Risk Team Will Engage With Creditors China Evergrande Says State-Backed Risk Team Will Engage With Creditors

Editor's Pick

Brooke Hogan Written Out of Hulk’s Will (At Her Personal Request)

Brooke Hogan Written Out of Hulk’s Will (At Her Personal Request)

Studying Time: 3 minutes Brooke Hogan isn’t in her dad’s will, a brand new report reveals. Regardless of years of…

By Editorial Board 4 Min Read
6 Greatest Underwear To Stop Chafing For Males in 2025 | Fashion
6 Greatest Underwear To Stop Chafing For Males in 2025 | Fashion

We independently consider all really helpful services. Any services or products put…

15 Min Read
9 Finest Males’s Shorts Manufacturers – Versatile Types For 2025 | Fashion
9 Finest Males’s Shorts Manufacturers – Versatile Types For 2025 | Fashion

We independently consider all advisable services. Any services or products put ahead…

13 Min Read

Oponion

Goal going through retribution at dwelling for rolling again DEI initiatives

Goal going through retribution at dwelling for rolling again DEI initiatives

Former government NYSE ground governor Jay Woods explains why some…

January 29, 2025

Goldberg: ‘South Park’ skewers a brand new sort of sanctimony

In 2003, Andrew Sullivan wrote a…

August 2, 2025

How you can Restore a Microsoft Outlook PST or OST file

SEE: Home windows, Linux, and Mac…

January 12, 2025

Kevin McGarry & Kayla Wallace Discovered Actual Love on Hallmark

Kevin McGarry and Kayla Wallace felt…

September 15, 2024

Aerojet Rocketdyne CEO Poised to Win Proxy Fight Against Executive Chairman

The chief executive of defense supplier…

June 30, 2022

You Might Also Like

The Nintendo Change 2’s Largest Downside Is Already Storage
Tech

The Nintendo Change 2’s Largest Downside Is Already Storage

The Nintendo Change 2 is unbelievable—already a contender for the most important gaming {hardware} launch of 2025. I am nonetheless…

4 Min Read
Clear Your Mattress No Matter How Gross It Will get
Tech

Clear Your Mattress No Matter How Gross It Will get

It’s essential to know easy methods to clear your mattress. Not only for day-to-day cleanliness and hygiene, however let’s say…

4 Min Read
Preserve an Eye on Your Residence With Our Favourite Out of doors Safety Cameras
Tech

Preserve an Eye on Your Residence With Our Favourite Out of doors Safety Cameras

Evaluate These Safety CamerasBest MicroSD Playing cards{Photograph}: AmazonSome safety cameras help native storage, enabling you to file movies on the…

41 Min Read
Hold Tabs on Your Pets and Youngsters With the Finest Indoor Safety Cameras
Tech

Hold Tabs on Your Pets and Youngsters With the Finest Indoor Safety Cameras

Examine Indoor CamerasBest MicroSD Playing cards{Photograph}: AmazonMany safety cameras assist native storage, enabling you to document movies on the digicam…

21 Min Read
The Wall Street Publication

About Us

The Wall Street Publication, a distinguished part of the Enspirers News Group, stands as a beacon of excellence in journalism. Committed to delivering unfiltered global news, we pride ourselves on our trusted coverage of Politics, Business, Technology, and more.

Company

  • About Us
  • Newsroom Policies & Standards
  • Diversity & Inclusion
  • Careers
  • Media & Community Relations
  • WP Creative Group
  • Accessibility Statement

Contact

  • Contact Us
  • Contact Customer Care
  • Advertise
  • Licensing & Syndication
  • Request a Correction
  • Contact the Newsroom
  • Send a News Tip
  • Report a Vulnerability

Term of Use

  • Digital Products Terms of Sale
  • Terms of Service
  • Privacy Policy
  • Cookie Settings
  • Submissions & Discussion Policy
  • RSS Terms of Service
  • Ad Choices

© 2024 The Wall Street Publication. All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?