AsianFin -- China has accused the United States of exploiting a long-known vulnerability in Microsoft Corp.’s email servers to carry out cyberattacks and steal sensitive data from its defense sector.
The Cyber Security Association of China said Friday that U.S.-linked actors used flaws in Microsoft Exchange to infiltrate and control the servers of a key Chinese military-related company for nearly a year. The group, which is backed by the Cyberspace Administration of China, said the attacks targeted two major firms but did not name them.
The allegations mark a reversal of roles in the long-running cyber blame game. Microsoft has repeatedly attributed major cyberattacks on its Exchange software to Chinese groups. In 2021, a campaign linked to China allegedly compromised tens of thousands of Exchange servers globally. In 2023, another suspected Chinese breach accessed senior U.S. officials’ email accounts, prompting a U.S. government probe that later faulted Microsoft for a “cascade of security failures.”