Military industrial sectors targeted by US cyberattacks

China's military industrial sectors have become primary targets of United States intelligence agencies for online attacks and espionage, as disclosed by a Chinese cybersecurity association on Friday, citing specific cases.

In response, the Foreign Ministry highlighted these findings as the latest evidence of the US government's malicious cyberattacks on China, once again showing that the US is the top cyber threat faced by China.

With details of two recent cyberattacks released, the Cyber Security Association of China noted that US intelligence agencies, in recent years, have targeted Chinese high-tech military industrial universities, research institutes and enterprises for cyberattacks and espionage, attempting to steal research data and sensitive information related to military design, development and manufacturing.

One disclosed case, for example, showed how US intelligence agencies exploited a vulnerability in the Microsoft Exchange email system to attack and control the email servers of a major Chinese defense enterprise.

From July 2022 to July 2023, the attackers maintained control over the company's domain controller server, using it as a pivot to commandeer over 50 critical internal devices. They planted data-stealing malware on the enterprise's outward-facing servers, with the aim of securing persistent control. Furthermore, they established multiple covert channels within the enterprise network for data exfiltration.

During the period, the attackers also launched over 40 network assaults against the enterprise by employing IP addresses originating from various countries such as Germany, Finland, South Korea and Singapore. Subsequently, they stole emails that contained sensitive information pertaining to military industrial product design plans and core system parameters from 11 individuals, including senior management members and employees.

Another case occurred from July to November 2024, in which US intelligence agencies conducted cyberattacks on a Chinese military industrial enterprise in the communication and satellite internet sector by exploiting vulnerabilities in its electronic file systems.

In this instance, the attackers utilized IP addresses from countries including Romania and the Netherlands as pivots to obfuscate their attacking identity and true intentions.

"The attackers from the US exhibit a highly targeted approach with more covert methods, posing significant threats to the research, production safety and even national security of China's defense and military industrial sectors," the association said.

It also revealed that in 2024 alone, foreign state-sponsored advanced persistent threat groups launched more than 600 cyberattacks on vital Chinese institutions, with a particular focus on the defense and military industries.

Foreign Ministry spokesman Guo Jiakun said on Friday that the US used its allies in Europe and in China's neighboring region to launch the cyberattacks, exposing its hypocrisy on the issue of cybersecurity — claiming itself to be the victim while it's the other way around.

"China always believes that cybersecurity is a common challenge faced by all countries and requires a joint response through dialogue and cooperation," he said, adding that China will continue to take necessary measures to safeguard its own cybersecurity.