
Recently, after discovering serious security vulnerabilities in the Apache Log4j2 component, Alibaba Cloud failed to promptly report them to the telecommunications authorities and did not effectively support the Ministry of Industry and Information Technology in carrying out cyber security threat and vulnerability management. After review, Alibaba Cloud's status as a partner of the Ministry of Industry and Information Technology's cyber security threat information sharing platform has been suspended for 6 months. After the suspension period expires, restoration of that partner status will be considered according to Alibaba Cloud's rectification.

It is understood that the Apache Log4j2 vulnerability was discovered by the Alibaba Cloud team. On November 24, the Alibaba Cloud security team reported the Apache Log4j2 remote code execution vulnerability to Apache. Because the Log4j2 component has a JNDI injection flaw when processing program log records, an unauthorized attacker can use this vulnerability to send carefully constructed malicious data to the target server, trigger the parsing flaw in the Log4j2 component, achieve arbitrary code execution on the target server, and obtain the target server's permissions.

However, it was not until December 9 that the Internet Security Threat and Vulnerability Information Sharing Platform of the Ministry of Industry and Information Technology received a report from the relevant cybersecurity professional organization, after which it began organizing response strategies and publicizing the risks. On December 17, the Ministry of Industry and Information Technology reported that the vulnerability could lead to remote control of the device, which could in turn lead to serious damage such as the theft of sensitive information and interruption of device services. It is a high-risk vulnerability. Apache has now officially released patches.

It is understood that since the vulnerability was made public, many websites such as Baidu have been the victims of this execution vulnerability, and many Internet companies have also taken emergency measures overnight.

In addition to this suspension of cooperation, in November this year the Cyber Security Administration of the Ministry of Industry and Information Technology and the Criminal Investigation Bureau of the Ministry of Public Security also jointly interviewed the relevant persons in charge of Alibaba Cloud and Baidu Cloud, and notified them of the recent high number of fraudulent websites found in the two companies' work on preventing and managing telecommunications network fraud.


鸣飞

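An editor at the SF 思否 (SegmentFault) community, following technical developments in artificial intelligence, cloud computing, open source and the industry. Quality news tips are welcome!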