Core Points

- The article highlights the increasing cyber attacks by U.S. intelligence agencies targeting China's military and defense industry, particularly focusing on high-tech military universities, research institutions, and enterprises [1][3]
- It details two significant incidents where U.S. intelligence utilized vulnerabilities in Microsoft Exchange and electronic file systems to infiltrate and control Chinese military enterprises, leading to data theft [2][3]

Group 1: Cyber Attack Incidents

- From July 2022 to July 2023, U.S. intelligence exploited a zero-day vulnerability in Microsoft Exchange to attack a major military enterprise, controlling its domain server and over 50 internal devices, while establishing covert channels for data theft [2]
- The attackers used IP addresses from Germany, Finland, South Korea, and Singapore to launch over 40 attacks, stealing emails from 11 individuals, including high-level executives, related to military product designs and core parameters [2]
- From July to November 2024, another attack targeted a military enterprise in the communication and satellite internet sector, utilizing unauthorized access and SQL injection vulnerabilities to implant backdoor programs and control over 300 devices [2]

Group 2: Strategic Intent and Threat Assessment

- The attacks reflect a strong strategic intent from state-level hacker organizations, with a focus on sensitive defense and military information [3]
- In 2024, there were over 600 reported cyber attack incidents against important Chinese units, with the defense and military sector being the primary target [3]
- U.S. intelligence-backed hacker organizations possess advanced capabilities and systematic attack frameworks, posing a significant threat to China's network security [3]
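
U.S. Intelligence Agencies Exploit Microsoft Vulnerabilities to Attack Chinese Military-Industrial Enterprises and Steal Secrets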