Particle.news

Microsoft Investigates Possible MAPP Leak After SharePoint Hacks

Investigators are examining whether early alerts to security partners were leaked after emergency patches were released in July.

Overview

  • Microsoft launched an internal investigation on July 25 to determine if details from its Active Protections Programme were shared with Chinese state-sponsored hackers before public patching.
  • Emergency updates for three on-premises SharePoint versions were deployed between July 20 and 22 after initial July fixes failed to stop exploit chains.
  • Exploit attempts first appeared on July 7, coinciding with MAPP notifications on June 24, July 3 and July 7, suggesting a leak window among vetted partners.
  • More than 400 government agencies and corporations worldwide, including the US National Nuclear Security Administration, have been compromised in the large-scale espionage campaign.
  • Microsoft has begun auditing its partner-alert mechanisms and pledged to strengthen controls and transparency across its 17-year-old Active Protections Programme following similar alleged leaks in 2012 and 2021.