In response, the Foreign Office has highlighted these findings as the latest evidence of the US government’s malicious cyber attacks on China, once again showing that the United States is the highest cyber threat China faces.
China’s Cybersecurity Association has pointed out that due to the details of two recent cyberattacks, the US Intelligence Agency has recently been targeting China’s high-tech military industry universities, research institutes and enterprises for cyberattacks and espionage, and attempting to steal research data and sensitive information related to military design, development and manufacturing.
For example, one disclosed case demonstrated how the US intelligence agency can leverage vulnerabilities in the Microsoft Exchange Email System to attack and control email servers of major Chinese defense companies.
From July 2022 to July 2023, the attackers maintained control of the company’s domain controller servers and used it as a pivot to direct over 50 critical internal devices. They planted data-stealing malware on enterprise outward servers with the aim of ensuring permanent control. Additionally, they have established multiple secret channels within the enterprise network for data removal.
During the period, the attackers also launched more than 40 network attacks on businesses by adopting IP addresses originating from various countries such as Germany, Finland, South Korea and Singapore. They then stole emails from 11 individuals, including senior management members and employees, containing sensitive information about the design plans and core system parameters for military industrial products.
Another case occurred between July and November 2024. In this case, the US intelligence agency carried out cyberattacks on Chinese military industrial companies in the communications and satellite internet sector by exploiting vulnerabilities in electronic file systems.
In this example, the attacker used IP addresses in countries, including Romania and the Netherlands, as a pivot to obfuscate offensive identity and true intent.
“U.S. attackers present a highly targeted approach with more secret methods, poses a major threat to research China’s defense and military industry sector, production security, and even national security,” the association said.
It also revealed in 2024 alone that a leading, enduring threat group sponsored by foreign countries launched more than 600 cyberattacks at key Chinese institutions, with a special focus on the defense and military industries.
Foreign Ministry spokesman Guo Zi-Kung said on Friday that the US used allies in nearby European and Chinese cyber attacks to expose hypocrisy over cybersecurity issues.
“China always believes that cybersecurity is a common challenge facing all countries and requires joint responses through dialogue and cooperation,” he said, adding that China will continue to take the necessary steps to protect its own cybersecurity.
rhm/