China has made a strong claim against the United States. It says U.S. cyber groups used an old bug in Microsoft’s email servers to hack into its defense systems.
China Claims U.S. Hacked Defense Firms Using Microsoft Bug
According to a statement from China’s Cyber Security Association, the attackers controlled the email servers of a major defense company for almost a year.
This group is supported by China’s top internet watchdog, the Cyberspace Administration of China. While the group did not name the U.S. organizations or Chinese companies involved, it said the hackers were clearly linked to U.S. government-backed operations.
The attacks reportedly took advantage of weaknesses in Microsoft Exchange. This is a popular tool used by many companies to manage email. China believes these flaws helped the U.S. gather secret military information and launch more attacks on its defense sector.
This isn’t the first time Microsoft Exchange has been involved in global cyber conflicts. In past years, Microsoft has also blamed Chinese hackers for similar attacks. But now, China is turning the tables and pointing the finger back at the U.S.
Microsoft’s Exchange and SharePoint Caught in Crossfire
Microsoft has often found itself in the center of cyberattack stories. In 2021, it said Chinese hackers broke into tens of thousands of its Exchange servers across the world. In 2023, another Microsoft Exchange attack reportedly gave Chinese hackers access to emails of senior U.S. officials.
That 2023 breach led to a major review by the U.S. government. The review blamed Microsoft for what it called a “cascade of security failures.” It said Microsoft failed to protect its systems properly, allowing the attackers to get in
💻 Digital Espionage Crisis—China-Linked Hackers Slip Past Microsoft Defenses, Steal Encryption Keys
More recently, in July, Microsoft revealed that Chinese hackers used a different product—called SharePoint—to carry out fresh attacks. SharePoint is used by many offices to store and share files. Microsoft believes that state-sponsored groups in China are behind these latest incidents.
In response to these new accusations, some cybersecurity experts believe that China’s latest statements are a pushback. They say China is trying to show the world that it’s not the only country behind cyberattacks. According to them, every country runs offensive cyber programs, and China is simply pointing out that the U.S. does it too.
China Steps Up Public Accusations Against U.S.
China has usually remained silent about American spying. While the U.S. has published names of alleged Chinese hackers and filed charges, China often avoided doing the same. But this seems to be changing.
Earlier this year, China claimed that U.S. spies hacked into systems during the Asian Winter Games held in Harbin. These systems contained personal data of many people who attended the event. China also released documents saying the attackers were linked to the U.S.’s top spying agency.
In other recent incidents, China also made claims about cyberattacks from Taiwan. It said these attacks were meant to disrupt its systems and create tension. Taiwan is a self-governing island, but China considers it part of its territory.
Experts believe China is now using public statements more often to call out other countries. It may be doing this to influence the global conversation about cybersecurity. By naming the U.S. in its latest statement, China is making it clear that it wants to be seen as a victim of cyberattacks—not just a suspect.
So far, U.S. officials have not responded to these new claims. The U.S. embassy in Beijing has remained silent, and no comments have been made by American authorities. The situation may continue to develop, especially as both countries keep exchanging blame over cyber matters.
For now, the claims add more fuel to the ongoing digital cold war between two of the world’s biggest powers.
