Particle.news

China Accuses US of Exploiting Microsoft Flaws to Penetrate Military Networks

Beijing’s military cyber agencies unveiled details of two campaigns targeting defense firms over nearly two years

The Cyber Security Association of China said that US actors had been linked to two major cyberattacks on Chinese military companies without naming them.
Illustration: Sarah Grillo/Axios

Overview

  • On August 1, China’s Cyber Security Association and CNCERT/CC accused US intelligence of exploiting a Microsoft Exchange zero-day from July 2022 to July 2023 to breach a major military enterprise’s email servers.
  • Investigators say the Exchange exploit enabled attackers to seize the organization’s domain controller and compromise over 50 devices, stealing defense-related data and emails from senior executives.
  • In a separate operation between July and November 2024, US agencies are alleged to have exploited file-system vulnerabilities to infiltrate a Chinese communications and satellite internet firm and exfiltrate sensitive information.
  • The cyber watchdog claims intruders used proxy IP addresses in Germany, Finland, South Korea and Singapore to launch more than 40 attacks and pilfer design plans from at least 11 individuals.
  • The US government has declined to comment on the allegations while Microsoft continues patching the affected server vulnerabilities amid intensifying digital rivalry.