Microsoft Cuts Ties with China Over Cybersecurity Data Breach Linked to SharePoint Servers


Microsoft, along with several other leading technology companies such as Google, has long had systems in place aimed at providing early warnings for cybersecurity threats. These systems are designed to share vital intelligence regarding security vulnerabilities with businesses, allowing them to take preventative measures before cyber-attacks occur. This collaborative approach has been seen as an essential tool in the ongoing fight against increasingly sophisticated cyber threats.

In line with this, Microsoft had previously hosted a platform designed to share critical security intelligence with various governments worldwide, including China. The platform, known as the Microsoft Active Protections Program (MAPP), allowed Microsoft to share information regarding vulnerabilities discovered in its software with trusted entities to help them strengthen their defenses.

However, in a recent and significant shift in policy, Microsoft has officially announced that it will no longer share any cybersecurity vulnerability information with China. The decision comes after new intelligence from Microsoft’s security teams revealed that Beijing was allegedly involved in a cyber-attack campaign targeting Microsoft’s SharePoint servers. The attack, which the company claims was backed by the Chinese government, has raised serious concerns about the misuse of shared vulnerability data.

The Alleged Attack: From Leak to Exploitation

The breach was first suspected after Microsoft discovered that information shared through MAPP had somehow been connected to activities within China. This became clear when a leak occurred, followed by an infiltration campaign targeting the company’s SharePoint servers. This breach potentially exposed the data of several high-profile companies, including Google and Salesforce.

The incident reportedly took place on July 7, 2025, after MAPP had circulated details of specific vulnerabilities at the end of June 2025. This leak provided hackers with critical insights into weak points in Microsoft’s infrastructure, enabling them to exploit the vulnerabilities and launch a highly targeted attack. According to Microsoft, the attack was linked to the Chinese government’s ongoing cyber operations.

In response, Microsoft has announced that it has gathered sufficient evidence indicating that Beijing was behind the attack on its SharePoint servers. The company claims that the data from MAPP, which had been shared globally, was used by Beijing-backed hackers to mount their attack. As a result, Microsoft has now taken the drastic step of severing all future cybersecurity collaboration with China, particularly around the sharing of proof-of-concept code, which was meant to help administrators bolster security.

China’s Denial and Microsoft’s Stand

In typical fashion, Beijing has categorically denied any involvement in the hacking campaign. Chinese officials have dismissed the allegations, labeling them as part of a Western strategy to malign China’s image on the global stage. The Chinese government claims that these accusations are unfounded and politically motivated.

Despite this denial, Microsoft remains resolute in its decision, stating that its cybersecurity intelligence-sharing platform was compromised and that the risk of further attacks was too great. The company’s move to halt the sharing of vulnerability intelligence with China is seen as a defensive measure designed to prevent further exploitation of sensitive information.

By blocking access to its security data, Microsoft aims to safeguard not only its own systems but also the businesses that rely on its software. As Microsoft explains, sharing proof-of-concept code, essentially detailed instructions on how to exploit vulnerabilities, was meant to be a constructive tool for network administrators. However, the company now believes that this code could potentially fall into the wrong hands, enabling hackers to breach secure networks for malicious purposes.

Data Leak and Employee Earnings Spreadsheet Sparks Further Controversy

In a related incident, a spreadsheet detailing the salaries, stock options, and bonuses of Microsoft employees has recently made its way across social media platforms, sparking heated discussions online. The data, which purportedly shows pay rises for Microsoft employees, was circulated by a group of workers who wanted to highlight how much the company offers to its employees in terms of compensation.

However, some online users on Reddit have speculated that the leaked spreadsheet could be tied to the same Chinese hacking campaign, suggesting that the hackers may have infiltrated Microsoft’s systems and stolen sensitive internal data. This theory was further fueled by the timing of the leak, which coincided with the previously mentioned breach in July 2025.

Despite these rumors, Microsoft has clarified that the leaked spreadsheet is unrelated to the breach involving China. The company confirmed that the data was not stolen by hackers but was instead shared by a group of employees who wanted to shed light on Microsoft’s compensation structure. The spreadsheet was not part of the sensitive data compromised during the cyber-attack.

This incident, however, has added fuel to the fire of ongoing concerns about the level of cybersecurity risk that large tech companies face and the potential for internal leaks to complicate the picture further.

A Shift in Cybersecurity Diplomacy

Microsoft’s decision to cut ties with China over the breach highlights a broader shift in how cybersecurity is being handled at a global level. As nations become more digitally interconnected, the risks associated with cybersecurity breaches—especially those that involve state-sponsored actors—are escalating. The decision to block China’s access to critical vulnerability intelligence is a reflection of growing distrust between governments and a recognition of the importance of protecting sensitive data at all costs.

As cyber-attacks grow in scale and sophistication, companies like Microsoft are being forced to re-evaluate how they share information and with whom. This latest move, although controversial, underscores the growing importance of securing digital infrastructure in a world where the lines between cyber espionage and legitimate business operations are increasingly blurred.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
