Over 390,000 sites exposed — DingTalk CEO warns OpenClaw can steal keys or deploy trojans
What happened
It has been reported that the CEO of DingTalk (钉钉) publicly warned about the misuse of a tool called OpenClaw, saying roughly 15% of its capabilities could be used to steal cryptographic keys or to deploy trojans. At the same time, the report states that more than 390,000 internet-facing sites are exposed in ways that OpenClaw can scan or exploit. DingTalk is Alibaba’s enterprise messaging and collaboration platform, used widely across Chinese companies, schools and government agencies, so any vulnerability discussion draws immediate operational concern.
The technical claim
OpenClaw is described in the report as a security-testing/automation framework that can be repurposed for offensive activity; the CEO’s remark singled out a small but dangerous subset of functions that, if weaponized, enable credential theft or malware insertion. These are serious capabilities because key theft can lead to persistent access across cloud services and internal networks, and trojans can turn a single compromise into a long-term intrusion. It has been reported that the exposure figure — over 390,000 sites — refers to reachable targets that the tool can enumerate, though detailed forensics and independent verification have not been released.
Why Western readers should care
This is not just a domestic Chinese story. Supply‑chain and software security are global problems: tools developed for red‑teaming routinely surface in attacker toolkits, and the line between defensive and offensive use is porous. Western companies that do business in or with China — or that rely on Chinese cloud or collaboration services — should take notice. Geopolitical context matters too: amid ongoing export controls, sanctions and heightened scrutiny of Chinese tech firms, debates about the trustworthiness and auditability of software components have become more acute.
What’s next
It has been reported that the DingTalk CEO urged stronger controls and greater transparency; independent audits, key rotation, and rapid patching are immediate mitigations experts typically recommend. Will enterprises accelerate zero‑trust practices and cut reliance on single vendors? That remains to be seen. For now, the incident is a fresh reminder that tooling intended to strengthen security can become an attack multiplier if exposures are not aggressively managed.
