According to state-backed media reports, Alibaba Cloud Computing’s information-sharing partnership was put to an end on Wednesday by Chinese watchdogs, following allegations of neglecting to report and tackle a cyber threat.
The 21st Century Business Herald reported that the subsidiary of the e-commerce giant failed to promptly report weaknesses in the famous, open course logging framework Apache Log4j2 to Chinese telecommunications regulators.
Apache Log4j is a Java-based logging utility initially written by Ceki Gulcu. It is a part of the Apache Logging Services, the Apache Software Foundation project. Log4j is one of many Java logging frameworks.
The Ministry of Industry and Information Technology (MIIT) was the first to highlight the neglect to report the vulnerability. As a result, MIIT ended the cooperative partnership with the subsidiary.
Due to the cybersecurity risks and data-sharing platforms, MIIT will reconstruct its partnership with Alibaba Cloud Computing in six months following a reassessment, which relies on the company’s inside-reforms, the notice highlighted.
Beijing’s latest severe tactic derives from global fear led by the excessive cyber-attacks corporations and governments are exposed to in our current time. Apache Log4j2 is deemed one of the essential Java-based tools that corporate systems and web applications rely on for their operations.
“This vulnerability may lead to remote control of equipment, which may lead to serious harms such as the theft of sensitive information and interruption of equipment services. It is a high-risk vulnerability,” the regular said in a statement last week.
The Cloud service provider recently unearthed an obscure code execution threat in the Apache Log4j2 section. Once the vulnerability was discovered, the company informed the U.S.-based Apache Software Foundation.
As for MIIT’s discovery of the threat, the Ministry revealed that it was informed of the cyber risks from a third-party informant and not the cloud firm itself.
Alibaba Cloud has yet to release an official statement on the matter; however, it declined to comment to Reuters on the MIIT’s suspension.