Overview
- On August 1, China’s Cyber Security Association and CNCERT/CC accused US intelligence of exploiting a Microsoft Exchange zero-day from July 2022 to July 2023 to breach a major military enterprise’s email servers.
- Investigators say the Exchange exploit enabled attackers to seize the organization’s domain controller and compromise over 50 devices, stealing defense-related data and emails from senior executives.
- In a separate operation between July and November 2024, US agencies are alleged to have exploited file-system vulnerabilities to infiltrate a Chinese communications and satellite internet firm and exfiltrate sensitive information.
- The cyber watchdog claims intruders used proxy IP addresses in Germany, Finland, South Korea and Singapore to launch more than 40 attacks and pilfer design plans from at least 11 individuals.
- The US government has declined to comment on the allegations, while Microsoft continues patching the affected server vulnerabilities amid intensifying digital rivalry.