China’s Cyber Security Association accuses US actors of exploiting Exchange vulnerabilities
Alleged exploit stole Chinese defence companies’ military data over nearly a year
Microsoft investigates SharePoint leaks amid suspected insider misuse in MAPP program
Sino-US cyber contest underscores fragility of early-warning systems and governance
China’s Cyber Security Association, backed by the Cyberspace Administration of China, on Friday accused US actors of exploiting vulnerabilities in Microsoft Exchange email servers to steal military data and mount cyberattacks against Chinese defence companies, Bloomberg reported.
According to the report, US-linked hackers infiltrated a major defence contractor’s Exchange infrastructure and maintained control for nearly a year.
The allegations mark a rare case of China publicly attributing cyber intrusions to the United States. In response, Western experts note that “every nation state” engages in offensive cyber operations. Jon Clay, vice‑president of threat intelligence at Trend Micro, observed: “I’m assuming… because of the recent SharePoint vulnerability that Microsoft attributed to China, they are coming out and saying…the US has been targeting us.”
Microsoft’s SharePoint Under Scrutiny
China’s disclosure comes just days after Microsoft said it was investigating whether leaks from its Microsoft Active Protections Program (MAPP) enabled Chinese state‑backed groups, “Linen Typhoon” and “Violet Typhoon”, to exploit a critical flaw in its SharePoint file‑sharing software before patches were fully effective.
Those exploits were first publicly demonstrated in May, and despite initial fixes in July, attackers began probing on‑premises servers by July 7, suggesting incomplete remediation.
MAPP provides vetted security partners with early vulnerability details and proof‑of‑concept exploits under strict non‑disclosure agreements. Members were informed of the SharePoint issue on June 24, July 3 and July 7, but the rapid onset of real‑world attacks led researchers to speculate that an insider at a MAPP partner in China may have misused the information. Microsoft affirmed it “continually evaluates the efficacy and security of all our partner programmes and makes necessary improvements.”
China’s public attribution follows its broader strategy of shaping international cyber governance. Earlier this year, Beijing accused Taiwan and other neighbours of state‑sponsored hacking. Washington, meanwhile, continues to name alleged Chinese threat actors and pursue criminal charges overseas. With both superpowers racing to establish norms and alliances, incidents like the Exchange and SharePoint breaches underscore the escalating cyber contest and the fragility of early‑warning systems designed to protect critical infrastructure.
As organisations worldwide apply Microsoft’s emergency patches and strengthen defences, the true extent of damage, and the veracity of Beijing’s assertions, may only become clear with further technical forensics and reciprocal transparency from all parties.