According to state-backed media sources, Chinese regulators stopped an information-sharing collaboration with Alibaba Cloud Computing, an unit of e-commerce powerhouse Alibaba Group, on Wednesday over allegations that it failed to properly identify and remedy a cybersecurity risk.
According to 21st Century Business Herald, citing a recent notification from the Ministry of Industry and Information Technology, Alibaba Cloud did not immediately report vulnerabilities in the popular open-source logging framework Apache Log4j2 to China’s telecoms regulator (MIIT).
According to the notice, MIIT has stopped a working collaboration with the cloud unit regarding cybersecurity risks and information-sharing platforms, which will be examined in six months and reactivated depending on the company’s internal reforms.
This latest move demonstrates Beijing’s desire to tighten control over critical cyber infrastructure and data in the name of national security. The Chinese government has directed state-owned enterprises to shift their data from private cloud providers such as Alibaba and Tencent to a state-backed cloud system by next year.
The suspension demonstrates Beijing’s concern about a vulnerability that has sparked a surge of panic among firms and governments worldwide. Apache Log4j2 is a Java-based tool popular in enterprise systems and web applications.
“This vulnerability may allow remote control of equipment, which could result in catastrophic consequences such as the theft of sensitive information and the disruption of equipment services.” It’s a high-risk vulnerability,” the telecommunications regulator stated last week in a statement.
According to the statement, Alibaba Cloud recently found a remote code execution vulnerability in the Apache Log4j2 component and notified the Apache Software Foundation in the United States.
MIIT stated that it later received a report about the issue from a third party rather than from Alibaba Cloud.
Alibaba Cloud did not respond to a request for comment on the ban.