China: US exploited Microsoft vulnerability for cyberattacks

China accuses the United States of exploiting a vulnerability in Microsoft Exchange for years to gain access to the systems of Chinese defense companies.

The allegation comes from the Cyber Security Association of China (CSAC), an organization affiliated with the Chinese internet watchdog.

According to the CSAC, US actors deliberately exploited a vulnerability in Microsoft Exchange to penetrate deep into the IT systems of a strategic defense company in China. The attackers are said to have had access to internal servers for months without being detected, possibly with the aim of intercepting military data or disrupting critical infrastructure. The CSAC speaks of “long-term control over core systems” and claims that the US deliberately exploited the vulnerability in the context of offensive cyber operations. The statement does not name specific companies or perpetrators, and the original report cannot be publicly verified through official channels of the organization.

China also a very active cyber attacker

The accusation comes at a time when specialists regularly link China to cyberattacks. Microsoft and US authorities have repeatedly held the country responsible for large-scale hacks, including the Exchange attacks in 2021, which affected tens of thousands of servers. In 2023, Chinese actors are said to have gained access to emails from high-ranking US officials.

Earlier this year, China accused three employees of the US intelligence agency NSA of hacking IT systems during the Asian Winter Games in Harbin.

Chinese hackers also active recently

China remains under suspicion. In June, Microsoft reported that a state-sponsored Chinese group had exploited a vulnerability in SharePoint (CVE-2023-29357) to gain access to systems in the US, Europe, and Asia. Researchers at Palo Alto Networks and other security firms point to ongoing activities by Chinese groups such as Storm-0558 and Gallium, which target governments, telecommunications, and cloud infrastructure.

Chinese influence is not limited to digital attacks. According to Techzine, Chinese technology companies use so-called front companies, sometimes disguised as Taiwanese or Singaporean entities, to attract top Western talent. For example, employees of Microsoft and Intel were approached without it being clear that the parties involved were actually controlled by China. This strategy is seen as a way to indirectly gain access to critical knowledge about semiconductors and defense-related technology.

The mutual accusations illustrate how cyber espionage and indirect knowledge transfer have become a permanent feature of geopolitical relations between world powers.