China accused the U.S. of exploiting a flaw in Microsoft Corp.’s email servers to steal military data and launch cyberattacks on its defense sector.
The Cyber Security Association of China said in a statement Friday that US actors had been linked to two major cyberattacks on Chinese military companies, without naming them. They exploited flaws in Microsoft Exchange to control the servers of a key company in the defense sector for nearly a year, it added. The association is a little-known entity backed by the powerful Cyberspace Administration of China.
Redmond, Washington-based Microsoft has repeatedly blamed China for major cyberattacks involving the same software. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange compromised senior US officials’ email accounts. A US government review later accused Microsoft of a “cascade of security failures” over the 2023 incident. And last month, Microsoft said Chinese state-backed hacking groups had exploited vulnerabilities in its SharePoint file-sharing software.
Related: Fermi Accelerator Lab Hit in Cyberattack Targeting Microsoft’s SharePoint
“Every nation state in the world carries out offensive cybersecurity campaigns against others,” said Jon Clay, vice president of threat intelligence at Trend Micro. “I’m assuming at this point, because of the recent SharePoint vulnerability that Microsoft attributed to China, they are coming out and saying, hey, the U.S. has been targeting us with exploits.”
Representatives of the US embassy in Beijing did not immediately respond to a request for comment.
Related: Microsoft Knew of SharePoint Security Flaw But Failed to Effectively Patch It, Timeline Shows
Ben Read, director of strategic threat intelligence for Wiz.io, in a recent blog noted that “public attribution of cyber activities” was a technique China was using increasingly to pressure Taiwan and shape “the international dialogue around cybersecurity.” Earlier this year, China had several releases alleging cyberattacks out of Taiwan, a self-governing island that Beijing deems part of its territory.
In April, China accused three NSA employees of hacking the Asian Winter Games held in Harbin, saying they targeted systems that held vast amounts of personal information on people involved in the event. While the US has repeatedly published names of alleged Chinese hackers and filed criminal charges against them, China has historically refrained from making similar accusations about American spies.
