China accused the U.S. of using Microsoft Exchange flaws to hack its defense firms

On Friday, China’s Cyber Security Association said the U.S. used a flaw in Microsoft’s messaging service to steal military intelligence and hit its defense industry.

The group functions as a part of China’s Cyberspace Administration. It said in a Bloomberg report that American operators launched two significant cyberattacks against defense-related enterprises in China. While withholding the firms’ identities, it added that the intruders exploited bugs in Microsoft’s Exchange platform to access the email infrastructure of a principal defense supplier for close to twelve months.

Microsoft, based in Redmond, Washington, has often blamed Chinese government-backed groups for similar attacks.

Back in 2021, what was believed to be a Chinese-led effort breached thousands of its Exchange servers.

By 2023, a separate purported Chinese initiative had seized control of email accounts used by high-ranking U.S. government personnel. A later government assessment criticized Microsoft, stating the 2023 incident revealed a “cascade of security failures.”

In the previous month, Microsoft disclosed that hacking groups tied to China’s government had taken advantage of weaknesses in its SharePoint sharing service.

“Every nation state in the world carries out offensive cybersecurity campaigns against others,” said Jon Clay, vice president of threat intelligence at Trend Micro. “I’m assuming at this point, because of the recent SharePoint vulnerability which was also reported by Cryptopolitan, that Microsoft attributed to China, they are coming out and saying, hey, the U.S. has been targeting us with exploits.”

Officials at the U.S. Embassy in Beijing had not offered an immediate response when contacted.

China is using public hacking claims to pressure Taiwan

In a recent analysis, Wiz.io’s strategic threat intelligence director, Ben Read, observed that Beijing has more frequently used open accusations of hacking to pressure Taiwan and influence global talks on cybersecurity.

At the start of the year, the Chinese government claimed that groups based in Taiwan launched multiple attacks, despite the island’s autonomous governance.

In April, Beijing alleged that three National Security Agency staffers attempted to infiltrate the Harbin Asian Winter Games networks, aiming to harvest extensive personal data. While the U.S. government frequently names and charges alleged Chinese hackers, China has historically held back from publicly accusing American operatives.

SharePoint flaw targets over 90 U.S. agencies

In another development, the Center for Internet Security, a nonprofit that helps state, local, tribal, and territorial governments share cyber threat information, noted this week that a newly disclosed SharePoint vulnerability has drawn the attention of in excess of ninety state and local agencies.

It declined to identify the specific jurisdictions affected.

“None have resulted in confirmed security incidents,” said Randy Rose, the center’s vice president of security operations and intelligence, in an email statement.

This month saw a surge of attacks targeting SharePoint instances with known vulnerabilities, stirring alarm across various government levels.

Dutch cybersecurity firm Eye Security says about 400 organizations may have been hit by the SharePoint attacks. Federal agencies were among the targets, and new cases are surfacing every day.

The U.S. Department of Energy’s Fermi National Accelerator Laboratory was also among the entities flagged by the scans.

According to a lab spokesperson, the intruders attempted to compromise Fermilab’s SharePoint environment but were intercepted promptly, with no confidential or classified information exfiltrated. Initial coverage of the incident appeared via Bloomberg.

The Department of Energy maintains that only a handful of its systems were impacted by the SharePoint flaw.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.