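U.S. exploited a Microsoft Exchange vulnerability to attack our military-industrial enterprise and steal senior executives' emails! Details disclosed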
Mei Ri Jing Ji Xin Wen· 2025-08-01 03:29
Core Viewpoint - The article highlights the increasing frequency and sophistication of cyberattacks by U.S. intelligence agencies targeting China's high-tech military and defense sectors, posing significant threats to national security and research production safety [1][4].

Group 1: Cyberattack Incidents
- In a notable incident from July 2022 to July 2023, U.S. intelligence exploited a zero-day vulnerability in Microsoft Exchange to attack a major military enterprise, gaining control of its email server for nearly a year and compromising over 50 critical devices [1][2].
- The attackers utilized multiple foreign IP addresses from countries such as Germany, Finland, South Korea, and Singapore to execute over 40 attacks, stealing emails from 11 individuals, including high-ranking officials, related to military product designs and core system parameters [2].
- Another incident from July to November 2024 involved attacks on a military communications and satellite internet enterprise, where attackers exploited unauthorized access and SQL injection vulnerabilities to implant backdoor programs and malware, compromising over 300 devices and targeting sensitive data [3].

Group 2: Threat Landscape
- In 2024 alone, there were over 600 cyberattack incidents against important Chinese entities by foreign state-level APT organizations, with the defense and military sectors being the primary targets [4].
- U.S. intelligence-backed hacker organizations are characterized by their structured attack teams, extensive engineering support systems, and advanced vulnerability analysis capabilities, posing severe threats to China's critical information infrastructure and key personnel [4].
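Cyber Security Association of China: U.S. intelligence agencies frequently carry out cyberattacks and data theft against our national defense and military-industrial sector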
Xin Jing Bao· 2025-08-01 02:17
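II. Attack exploiting vulnerabilities in an electronic file system

Beijing News report: According to the official account of the Cyber Security Association of China, monitoring by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) has found that in recent years U.S. intelligence agencies have made our high-tech military-industrial universities, research institutes and enterprises the key targets of their cyberattacks and data theft, attempting to steal sensitive information such as scientific research data related to our military field and core production data from the design, R&D and manufacturing stages. The targeting is more specific and the methods are more covert, seriously threatening the research and production security of our national defense and military-industrial sector and even national security. Since the U.S. NSA's cyberattack on Northwestern Polytechnical University was exposed in 2022, U.S. intelligence agencies have frequently and rampantly carried out cyber-theft attacks against our national defense and military-industrial sector. Two typical incidents are published here to provide a security warning for important industries and sectors.

I. Attack exploiting a zero-day vulnerability in the Microsoft Exchange mail system

From July 2022 to July 2023, U.S. intelligence agencies exploited a zero-day vulnerability in the Microsoft Exchange mail system to attack the mail server of one of our large, important military-industrial enterprises and control it for nearly 1 year. Investigation found that the attackers took control of the enterprise's domain controller server and, using it as a pivot, took control of more than 50 important devices on the internal network. They also implanted an attack and data-theft weapon that establishes a websocket+SSH tunnel on one of the enterprise's dedicated servers for external-facing work, with the intent of achieving persistent control. At the same time, the attackers built multiple covert channels in the enterprise's network for data theft.

During this period, the attackers used ...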