U.S. intelligence organizations have markedly increased their cyber espionage efforts against China's defense and military-industrial sectors, posing critical threats to national security, according to an announcement by the China Cyberspace Security Association on Friday. The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) noted that American cyber operatives have executed various attacks on Chinese military-affiliated universities, research institutions, and companies. These operations primarily focus on extracting sensitive information regarding defense research, design, and manufacturing processes.
Two specific incidents were highlighted to illustrate the escalating dangers to critical infrastructure. The first incident, which took place from July 2022 to July 2023, involved U.S. hackers utilizing a zero-day vulnerability in Microsoft Exchange to breach a significant Chinese defense enterprise. The intruders managed to compromise the firm’s domain controller, taking control of over 50 internal devices while implementing tools to maintain long-term access and harvest classified data. Reports reveal that more than 40 attacks were funneled through proxy servers situated in countries such as Germany, Finland, South Korea, and Singapore, affecting sensitive communications of 11 individuals, including top executives.
In the second case, occurring between July and November 2024, another Chinese defense firm focusing on satellite and telecommunications was similarly compromised. Attackers took advantage of vulnerabilities in the firm's document system to introduce backdoors and trojans. By manipulating the software upgrade function, they deployed spyware that allowed them to seize control of over 300 devices and capture classified information concerning military networks.
Analysis indicates that these cyberattacks were executed by state-sponsored groups with specific strategic objectives, utilizing advanced methodologies to avoid detection and erase their digital traces. In 2024 alone, China documented over 600 cyber incidents attributed to foreign APT (Advanced Persistent Threat) groups, with the defense sector emerging as the primary target.
6 Comments
Fuerza
CNCERT is probably exaggerating to justify their own cyber operations. This is a classic deflection tactic.
Ongania
What kind of proof do we have that these incidents actually happened? Sounds like a fishy story to me.
Manolo Noriega
Every country engages in cyber espionage. Why single out the U.S.? It’s a global issue and a common practice.
Fuerza
Are we sure these so-called 'cyberattacks' are not just failed attempts by the Chinese to cover for their internal security flaws?
Manolo Noriega
If sensitive information is being targeted, maybe China's defense systems just need to be improved instead of blaming the U.S.
Eugene Alta
This just seems like propaganda! How can we trust any report coming from organizations like CNCERT?