A previously undocumented Advanced Persistent Threat (APT) group, “NightEagle,” has been found targeting the Chinese government and critical sectors using an unidentified Microsoft Exchange zero-day flaw.
According to RedDrip, the threat intelligence unit of Chinese cybersecurity firm QiAnXin Technology, the group has been compromising Microsoft Exchange servers through a sophisticated zero-day exploit chain to steal confidential mailbox data.
“Since 2023, QiAnXin has been continuously tracking a top APT group which holds an unknown Exchange vulnerability exploitation chain and has substantial funds to purchase a large amount of network assets, such as VPS servers and domain names,” said RedDrip researchers in a report. “This group has long targeted top companies and institutions in China’s high-tech, chip semiconductor, quantum technology, artificial intelligence, and large language model, military industry, and other fields for cyber attacks.”