The accusation, the latest from Beijing, says U.S. intelligence agencies attacked two Chinese military enterprises.
Listen to this article
0:00
Learn more.
This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
U.S. intelligence agencies launched cyberattacks on two Chinese military enterprises dating back to 2022, in one case exploiting a Microsoft zero-day, China alleged Friday.
The Cyber Security Association of China said that in the first case, U.S. agencies from July of 2022 to July of 2023 “exploited a zero-day vulnerability in Microsoft Exchange Mail to attack and control the mail server of a major Chinese military enterprise for nearly a year,” according to a Google translation of the statement. They then used that access to steal data, the statement continues.
In the second case, the association said the U.S. agencies “launched a cyberattack against a Chinese military enterprise in the communications and satellite internet sectors” from July to November of last year by exploiting vulnerabilities in electronic file systems, where they also stole information. The statement didn’t name either enterprise.
While Chinese allegations of U.S. government hacking have become increasingly common — including a batch of allegations in April and in December of last year — the latest accusation is notable for its assertion that the agencies exploited a zero-day, or previously unknown and unpatched vulnerability, at U.S.-headquarted Microsoft.
Last week, Microsoft accused Chinese government-linked hackers of exploiting zero-days in its Sharepoint product in its own most recent finger-pointing at Beijing.
The Office of the Director of National Intelligence did not immediately respond to a request for comment Friday.
Asked on Fox News in June about Chinese hacking and theft of U.S. intellectual property, President Donald Trump answered bluntly.
“You don’t think we do that to them? We do. We do a lot of things,” Trump said. “That’s the way the world works. It’s a nasty world.”
China has also alleged cyberattacks from other governments, particularly from Taiwan, even as it has focused much of its attention on the United States. It tallied 600 foreign government-level attacks in 2024 alone.
“Hacker groups, particularly those affiliated with US intelligence agencies, leverage established cyberattack teams, extensive supporting engineering systems, a standardized attack equipment arsenal, and robust vulnerability analysis and discovery capabilities to conduct attacks and infiltration against [China’s] critical information infrastructure, important information systems, and key personnel, posing a serious threat to national cybersecurity,” the Friday statement reads.
