Here is a summary of the main points from the article on The Register regarding China's accusation against US intelligence:
  • Chinese Claims: China has accused US intelligence agencies of exploiting a Microsoft Exchange zero-day vulnerability to steal defense-related data and control more than 50 devices within a major Chinese military enterprise for nearly a year (July 2022–July 2023).
  • Details of the Attack: The National Computer Network Emergency Response Technical Team / Coordination Center of China (CNCERT/CC) claims the attackers broke into an email server of the military enterprise, gained control of the domain controller, and then used it to control dozens of other intranet devices.
  • Methods: The attackers allegedly used WebSocket within SSH tunnels and other covert channels to exfiltrate data. They reportedly launched attacks from IP addresses in several countries (Germany, Finland, South Korea, Singapore) and stole emails from 11 people, including senior executives, with content related to Chinese military products’ design and systems.
  • Broader Context: These claims were made as part of a pattern of mutual accusations. The US and security firms had recently blamed Chinese groups for exploiting SharePoint and other enterprise platforms, and for cyber-espionage.
  • Second Incident: CNCERT/CC also describes another attack in late 2024 where US spies allegedly exploited vulnerabilities in file systems of a Chinese communications/satellite enterprise, gaining access to 300+ devices and searching for military network data.
  • No Comment: Microsoft and the US National Security Agency did not respond to requests for comment.
  • No Specific Vulnerability Named: The alert does not specify the exact Microsoft Exchange zero-day or name the compromised organizations.
Source: The Register, 1 August 2025

Source: theregister.com, "China: US spies used Microsoft Exchange 0-day to steal info"
 
