
China Says US Exploited Microsoft Exchange Flaw to Breach Its Defense Firms

China’s Cyber Security Association alleges US-linked actors exploited Microsoft Exchange vulnerabilities to infiltrate a major defence contractor for nearly a year, marking one of the rare public attributions of cyberattacks to Washington amid ongoing SharePoint leak scrutiny.

Summary
  • China’s Cyber Security Association accuses US actors of exploiting Exchange vulnerabilities

  • Alleged exploit stole Chinese defence companies’ military data over nearly a year

  • Microsoft investigates SharePoint leaks amid suspected insider misuse in MAPP program

  • Sino-US cyber contest underscores fragility of early-warning systems and governance

China’s Cyber Security Association, backed by the Cyberspace Administration of China, on Friday accused US actors of exploiting vulnerabilities in Microsoft Exchange email servers to steal military data and mount cyberattacks against Chinese defence companies, Bloomberg reported.

According to the report, US-linked hackers infiltrated a major defence contractor’s Exchange infrastructure and maintained control for nearly a year.

The allegations mark a rare case of China publicly attributing cyber intrusions to the United States. In response, Western experts note that “every nation state” engages in offensive cyber operations. Jon Clay, vice‑president of threat intelligence at Trend Micro, observed: “I’m assuming… because of the recent SharePoint vulnerability that Microsoft attributed to China, they are coming out and saying…the US has been targeting us.”

Microsoft’s SharePoint Under Scrutiny

China’s disclosure comes just days after Microsoft disclosed it was investigating whether leaks from its Microsoft Active Protections Program (MAPP) enabled Chinese state‑backed groups, “Linen Typhoon” and “Violet Typhoon”, to exploit a critical flaw in its SharePoint file‑sharing software before patches were fully effective.

Those exploits were first publicly demonstrated in May, and despite initial fixes in July, attackers began probing on‑premises servers by July 7, suggesting incomplete remediation.

MAPP provides vetted security partners with early vulnerability details and proof‑of‑concept exploits under strict non‑disclosure agreements. Members were informed of the SharePoint issue on June 24, July 3 and July 7, but the rapid onset of real‑world attacks led researchers to speculate that an insider at a MAPP partner in China may have misused the information. Microsoft affirmed it “continually evaluates the efficacy and security of all our partner programmes and makes necessary improvements.”

China’s public attribution follows its broader strategy of shaping international cyber governance. Earlier this year Beijing accused Taiwan and other neighbours of state‑sponsored hacking. Washington meanwhile continues to name alleged Chinese threat actors and pursue criminal charges overseas. With both superpowers racing to establish norms and alliances, incidents like the Exchange and SharePoint breaches underscore the escalating cyber contest and the fragility of early‑warning systems designed to protect critical infrastructure.

As organisations worldwide apply Microsoft’s emergency patches and strengthen defences, the true extent of damage, and the veracity of Beijing’s assertions, may only become clear with further technical forensics and reciprocal transparency from all parties.
