Type to search

Chinese Ministry Axes Alibaba Cloud Deal Over Late Bug Report

MIIT said it received a report from a third party about the issue, prompting officials to suspend a cooperative partnership

Jeff Zhang, Alibaba's chief technology officer, holds a new self-developed AI chip at the 2019 Alibaba Cloud Computing Conference in Hangzhou. Photo: Reuters.


Chinese regulators on Wednesday suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of e-commerce conglomerate Alibaba Group, over accusations it failed to promptly report and address a cybersecurity vulnerability, according to state-backed media reports.

Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China’s telecommunications regulator, citing a recent notice by the Ministry of Industry and Information Technology (MIIT).

Alibaba Cloud recently discovered a remote code execution vulnerability in the Apache Log4j2 component, notifying the US-based Apache Software Foundation, according to the statement.

An employee, Chen Zhaojun, emailed the open-source software’s volunteer development team Apache Software Foundation, to report the bug, which threatened the security of millions of computers. Experts around the world’s hailed Chen’s initiative.

“Mad props to Chen Zhaojun of Alibaba Cloud Security for responsibly disclosing the #log4j vulnerability in private directly to the log4j developers, so that a patch to log4j was released by December 6, several days before the vulnerability went public,” said Talia Ringer, an assistant professor of computer science at the University of Illinois Urbana-Champaign.

However, MIIT said it received a report from a third party about the issue, rather than from Alibaba Cloud.

Cybersecurity Threats

That prompted MIIT to suspend a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms.

The partnership would be reassessed in six months and revived depending on the company’s internal reforms, the notice said.

This latest measure highlights Beijing’s desire to strengthen control over key online infrastructure and data in the name of national security.

The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.

The suspension highlights Beijing’s concern at a vulnerability that has triggered a wave of panic among corporations and governments around the world.

Alibaba Cloud declined to comment on the suspension.


  • Reuters, with George Russell




Crypto Platform Poly Network Rewards Hacker with Big ‘Bug Bounty’

Tesla Pulls Full Self-Driving Beta Due To Software Issues

Fake bullion scam highlights bitcoin’s benefits



George Russell

George Russell is a freelance writer and editor based in Hong Kong who has lived in Asia since 1996. His work has been published in the Financial Times, The Wall Street Journal, Bloomberg, New York Post, Variety, Forbes and the South China Morning Post.


AF China Bond