China says US exploited old Microsoft flaw for cyber attacks
BEIJING – China accused the US of exploiting a flaw in Microsoft’s email servers to steal military data and launch cyber attacks on its defence sector.
The Cyber Security Association of China said in a statement on Aug 1 that US actors had been linked to two major cyber attacks on Chinese military companies, without naming them.
They exploited flaws in Microsoft Exchange to control the servers of a key company in the defence sector for nearly a year, it added. The association is a little-known entity backed by the powerful Cyberspace Administration of China.
Redmond, Washington-based Microsoft has repeatedly blamed China for major cyber attacks involving the same software.
In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange compromised senior US officials’ e-mail accounts. A US government review later accused Microsoft of a “cascade of security failures” over the 2023 incident.
And in July, Microsoft said Chinese state-backed hacking groups had exploited vulnerabilities in its SharePoint
“Every nation-state in the world carries out offensive cyber security campaigns against others,” said Mr Jon Clay, vice president of threat intelligence at Trend Micro. “I’m assuming at this point, because of the recent SharePoint vulnerability that Microsoft attributed to China, they are coming out and saying, hey, the US has been targeting us with exploits.”
A spokesperson for the US Embassy in Beijing did not comment on the specific allegations but said in an emailed response on Aug 2 that China is the most “active and persistent cyber threat to US government, private-sector and critical infrastructure networks”.
“Given the significant size and scope of China’s malicious cyber activity, the US government is working with allies and others to counter the threats posed by Salt Typhoon, Volt Typhoon, and other CCP-sponsored malicious cyber actors,” the statement from the embassy added, referring to the Chinese Communist Party.
Mr Ben Read, director of strategic threat intelligence for Wiz.io, in a recent blog noted that “public attribution of cyber activities” was a technique China was using increasingly to pressure Taiwan and shape “the international dialogue around cyber security”.
Earlier in 2025, China issued several releases alleging cyber attacks originating from Taiwan, a self-governing island that Beijing deems part of its territory.
In April, China accused three NSA employees
While the US has repeatedly published names of alleged Chinese hackers and filed criminal charges against them, China has historically refrained from making similar accusations about American spies. BLOOMBERG

