美情报机构频繁对我国防军工领域实施网络攻击窃密

Core Insights - The article highlights the increasing focus of U.S. intelligence agencies on cyber espionage targeting China's high-tech military and defense sectors, posing significant threats to national security [1] Group 1: Cyber Attacks on Military Enterprises - From July 2022 to July 2023, U.S. intelligence agencies exploited a zero-day vulnerability in Microsoft Exchange to attack a major military enterprise, controlling its email server for nearly a year [2] - The attackers controlled over 50 critical devices within the enterprise's internal network and implanted a data theft weapon on an external server, aiming for persistent control [2] - The attack involved over 40 attempts using IP addresses from countries like Germany, Finland, South Korea, and Singapore, resulting in the theft of emails from 11 individuals, including high-level personnel, related to military product designs and core parameters [2] Group 2: Exploitation of Electronic File System Vulnerabilities - Between July and November 2024, U.S. intelligence agencies targeted a military enterprise in the communication and satellite internet sector, utilizing unauthorized access and SQL injection vulnerabilities [3] - The attackers implanted a backdoor program on the enterprise's electronic file server and subsequently delivered a data theft Trojan to control over 300 devices, specifically searching for sensitive data related to military networks [3] - The use of multiple foreign IP addresses and techniques to delete logs and detect machine status indicates a high level of sophistication and strategic intent from the attackers [3] Group 3: Statistics on Cyber Attacks - In 2024, there were over 600 cyber attack incidents against important units in China, with the defense and military sector being the primary target [4] - U.S.-backed hacker organizations leverage established cyber attack teams, extensive engineering support systems, and systematic attack equipment, posing severe threats to China's cybersecurity [4]