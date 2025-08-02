China accused the US of exploiting a flaw in Microsoft Corp.’s email servers to steal military data and launch cyberattacks on its defense sector.

The Cyber Security Association of China said in a statement Friday that US actors had been linked to two major cyberattacks on Chinese military companies, without naming them. They exploited flaws in Microsoft Exchange to control the servers of a key company in the defense sector for nearly a year, it added. The association is a little-known entity backed by the powerful Cyberspace Administration of China.

Redmond, Washington-based Microsoft has repeatedly blamed China for major cyberattacks involving the same software. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange . compromised senior US officials' email accounts. A US government review later accused Microsoft of a “cascade of security failures” over the 2023 incident. And last month, Microsoft said Chinese state-backed hacking groups had exploited vulnerabilities in its SharePoint file-sharing software.

“Every nation-state in the world carries out offensive cybersecurity campaigns against others,” said Jon Clay, vice president of threat intelligence at Trend Micro. “I’m assuming at this point, because of the recent SharePoint vulnerability that Microsoft attributed to China, they are coming out and saying, hey, the US has been targeting us with exploits.”