In a dramatic escalation of the ongoing cyber-espionage war, China has publicly accused the United States of exploiting vulnerabilities in Microsoft Exchange email servers to carry out cyberattacks against its defense sector. The allegations, made by the Cyber Security Association of China (CSAC), a little-known body backed by the country’s internet watchdog, claim that US-linked actors used these flaws to steal military data and maintain long-term control over a key defense contractor’s servers for nearly a year.
The CSAC’s statement, which did not name specific companies or perpetrators, marks a significant shift in Beijing’s approach. While the US has frequently and publicly attributed cyberattacks to China and even filed charges against alleged hackers, China has historically been more reserved in its public accusations. This latest move appears to be a direct counterpunch to recent revelations from Microsoft, which has repeatedly blamed China-backed groups for major cyber incidents involving its software.
Microsoft has found itself in the middle of this geopolitical storm. In recent years, the company has pointed the finger at China for a wide-scale hack of Exchange servers in 2021 and a 2023 breach that compromised the email accounts of senior US officials. Just last month, Microsoft also reported that state-sponsored Chinese hacking groups had exploited a flaw in its SharePoint file-sharing software, impacting hundreds of organizations globally.
Cybersecurity experts suggest that this public volley of accusations is part of a broader strategy. “Every nation state in the world carries out offensive cybersecurity campaigns against others,” said Jon Clay, vice president of threat intelligence at Trend Micro. He speculated that China’s accusation is a response to the recent SharePoint vulnerability that Microsoft attributed to Beijing.
The US embassy in Beijing has not yet commented on the allegations. With both superpowers locked in a digital arms race, the tit-for-tat accusations underscore the fragility of global cybersecurity and the increasing use of public attribution as a tool for geopolitical pressure.
