China is likely stockpiling and deploying vulnerabilities, says Microsoft
Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities.
China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity.
A year later, researchers from the Atlantic Council found there was a decrease in reported vulnerabilities coming from China - and an increase in anonymous reports.
"The increased use of zero days over the last year from China-based actors likely reflects the first full year of China's vulnerability disclosure requirements for the Chinese security community and a major step in the use of zero-day exploits as a state priority," said Microsoft.
Microsoft listed several vulnerabilities it said were first developed and deployed by Chinese actors before they were discovered and adopted by other attackers.
The targeting of 100 accounts affiliated with a prominent Southeast Asia intergovernmental organization by Gallium as the org announced meetings between the US government and regional leaders.
Malware from Gadolinium on Solomon Islands government systems and malicious code from Radium in Papua New Guinea's telecommunications networks, both likely for intelligence collection purposes as Solomon Islands and China entered a military agreement.
Campaigns targeting nations across the global South in line with its Belt and Road Initiative, including Namibia, Mauritius, and Trinidad and Tobago, among others, even as China considers countries like Trinidad and Tobago important partners in the region.