Chinese authorities have accused American intelligence agencies of intensifying cyber-espionage operations in recent years against institutions and companies related to high-tech sectors, especially in the defense sphere.
UNN reports with reference to EFE and Bloomberg Linea.
Details
The China Cybersecurity Association stated on Friday that US representatives are linked to two major cyberattacks on Chinese military companies. According to the conclusion of Chinese cybersecurity experts, these actors used vulnerabilities in Microsoft Exchange to control the servers of a key company in China's defense sector. They did this for almost a year, the association added.
Reference
The association is a little-known organization supported by the powerful Cyberspace Administration of China.
It also refers to the report of the China National Computer Emergency Response Team Coordination Center.
Targeted attacks on universities, research institutes, and military-industrial complex companies were detected
The Ministry of Industry and Information Technology of China reported that the actions were allegedly aimed at obtaining classified information related to the design, development, and production of military equipment.
The first of these allegedly occurred between July 2022 and July 2023, when a group, allegedly linked to US intelligence services, used an undisclosed vulnerability in the Microsoft Exchange email system to access the internal network of a defense industry company.
Microsoft's reaction - they also feel threatened and complain about China's actions
The Redmond, Washington-based company has repeatedly accused China of major cyberattacks involving Microsoft Exchange.
- in 2021, a suspected Chinese operation compromised tens of thousands of Microsoft Exchange servers;
- in 2023, another alleged Chinese attack on Microsoft Exchange compromised the email accounts of high-ranking US officials.
In a US government review, Microsoft was accused of a "cascade of security failures" stemming from the 2023 incident.
Recall
Microsoft analysts have discovered that the Russian cyber-espionage group Turla (Secret Blizzard) is attacking foreign embassies in Moscow using local internet providers. The hackers disguise malware as Kaspersky antivirus.