NEWS  /  Brief News

China Accuses U.S. of Weaponizing Microsoft Exchange Flaw in Cyberattacks

Aug 01, 2025, 12:02 a.m. ET

AsianFin -- China has accused the United States of exploiting a long-known vulnerability in Microsoft Corp.’s email servers to carry out cyberattacks and steal sensitive data from its defense sector.

The Cyber Security Association of China said Friday that U.S.-linked actors used flaws in Microsoft Exchange to infiltrate and control the servers of a key Chinese military-related company for nearly a year. The group, which is backed by the Cyberspace Administration of China, said the attacks targeted two major firms but did not name them.

The allegations mark a reversal of roles in the long-running cyber blame game. Microsoft has repeatedly attributed major cyberattacks on its Exchange software to Chinese groups. In 2021, a campaign linked to China allegedly compromised tens of thousands of Exchange servers globally. In 2023, another suspected Chinese breach accessed senior U.S. officials’ email accounts, prompting a U.S. government probe that later faulted Microsoft for a “cascade of security failures.”

Please sign in and then enter your comment