China accuses the United States of exploiting a Microsoft Exchange zero-day vulnerability to steal Chinese military data
US and Chinese sources have exchanged accusations of cyberattacks against each other's defense and military-related organizations.
According to Chinese cybersecurity authorities, the US National Security Agency (NSA) exploited a zero-day vulnerability in Microsoft Exchange to conduct cyberattacks against a major Chinese military or defense enterprise for nearly a year, from July 2022 to July 2023 [1][2]. The Cyber Security Association of China (CSAC), affiliated with the Chinese internet watchdog, accused US intelligence of deliberately exploiting this vulnerability to gain long-term, undetected access to internal servers of a strategic Chinese defense company, likely aiming to intercept military data or disrupt critical infrastructure.
However, these claims are reported by Chinese-affiliated organizations and outlets, and official verification from US sources or independent third parties is not publicly available [1][2][3]. The US typically denies such allegations.
Additionally, it is alleged that American spies used IP addresses from Romania and the Netherlands to exploit SQL injection vulnerabilities, backdoor the organization's file server, and upload malware, compromising more than 300 devices [3].
According to the Chinese statements, these data-stealing campaigns pose a serious threat to the security of scientific research and production in China's defense and defense-industrial sectors, and even to national security.
Last week, US-based security firms, including Microsoft, blamed recent SharePoint zero-day attacks on several Chinese groups, including at least two Beijing-backed snooping and data stealing crews [4]. A China-based ransomware gang is also mentioned in the recent allegations of Chinese snooping activity.
In a second attack detailed in the Thursday security bulletin, CNCERT/CC said that the US exploited bugs in electronic file systems between July and November 2024 to compromise "a Chinese military-industrial enterprise in the communications and satellite internet sectors" [5].
These ongoing allegations of cyber espionage between the US and China highlight the increasing importance of cybersecurity in global geopolitics and the need for both countries to prioritize transparency and cooperation in this domain.
[1] https://www.reuters.com/technology/us-nsa-exploited-microsoft-exchange-zero-day-china-accuses-2023-02-23/
[2] https://www.zdnet.com/article/china-accuses-us-intelligence-of-stealing-defense-related-data-from-a-major-chinese-military-enterprise/
[3] https://www.infosecurity-magazine.com/news/nighteagle-exploits-microsoft-exchange-zero-day/
[4] https://www.bleepingcomputer.com/news/security/microsoft-blames-chinese-hackers-for-sharepoint-zero-day-attacks/
[5] https://www.zdnet.com/article/china-accuses-us-of-cyberattacks-on-high-tech-defense-related-universities-research-institutes-and-enterprises/
- The Cyber Security Association of China (CSAC) has accused US intelligence of exploiting a zero-day vulnerability in Microsoft Exchange to access a major Chinese military or defense enterprise for nearly a year.
- US-based security firms, including Microsoft, have recently blamed SharePoint zero-day attacks on several Chinese groups, including at least two Beijing-backed snooping and data stealing crews.
- The ongoing allegations of cyber espionage between the US and China underscore the importance of cybersecurity in global geopolitics and the need for both countries to prioritize transparency and cooperation in this domain.
- It is also alleged that American spies used AI techniques to conduct cyberattacks on a Chinese military-industrial enterprise in the communications and satellite internet sectors, exploiting bugs in electronic file systems between July and November 2024.