China suspends Alibaba Cloud over failure to report internet bug

Beijing: China has suspended Alibaba Cloud’s services for six months after the company failed to report about the serious Internet bug — which has put millions of systems and devices at hacking risk — to the Ministry of Industry and Information Technology (MIIT).

Chinese media outlets report that Alibaba Cloud was suspended after they reported the ‘Log4J’ vulnerability to its provider Apache before the ministry.

“Recently, after discovering serious security vulnerabilities in the ‘Apache Log4j2’ component, Alibaba Cloud failed to report to the telecommunications authorities in a timely manner and did not effectively support the Ministry of Industry and Information Technology to carry out cyber security threats and vulnerability management,” according to local media reports.

According to 21st Century Business Herald, the cyber security administration of the MIIT “was suspending its information-sharing partnership with Alibaba Cloud for six months, specifically citing the failure to report Log4J as the reason why,” reports ZDNet.

Cyber criminals are making thousands of attempts to exploit vulnerabilities involving a Java logging system called ‘Apache log4j2’.

As the world scrambles to plug serious security bugs that can derail the Internet for millions, Google has said that more than 35,000 Java packages, amounting to over eight per cent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.

Meanwhile, China has put into effect a new law that makes it mandatory for all companies to report vulnerabilities to state regulators within two days.

In November, the Cyberspace Administration of China unveiled new laws that reclassified data, along with multiple sets of fines for violations of its policy.

Alibaba was hit with a record fine of 18.2 billion yuan and 33 other mobile apps have faced criticism from Beijing for their data collection policies.

Last month, China’s market regulator fined tech giants Alibaba, Baidu, Tencent and e-commerce platform JD.com Inc and Suning for violating the country’s anti-monopoly rules in 34 mergers and acquisitions (M&A) deals which they failed to declare illegal implementation of operating concentration, marking the latest move in the nation’s fight against monopoly.