By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > Computing > NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
Computing

NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors

News Room
Last updated: 2025/07/04 at 9:59 AM
News Room Published 4 July 2025
Share
SHARE

Jul 04, 2025Ravie LakshmananZero-Day / Cyber Espionage

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China.

According to QiAnXin’s RedDrip Team, the threat actor has been active since 2023 and has switched network infrastructure at an extremely fast rate. The findings were presented at CYDES 2025, the third edition of Malaysia’s National Cyber Defence & Security Exhibition and Conference held between July 1 and 3, 2025.

Cybersecurity

“It seems to have the speed of an eagle and has been operating at night in China,” the cybersecurity vendor said, explaining the rationale behind naming the adversary NightEagle.

Attacks mounted by the threat actor have singled out entities operating in the high-tech, chip semiconductors, quantum technology, artificial intelligence, and military verticals with the main goal of gathering intelligence, QiAnXin added.

The company also noted that it began an investigation after it discovered a bespoke version of the Go-based Chisel utility on one of its customer’s endpoints which was configured to automatically start every four hours as part of a scheduled task.

“The attacker modified the source code of the open-source Chisel intranet penetration tool, hard-coded the execution parameters, used the specified username and password, established a socks connection with the 443 end of the specified C&C address, and mapped it to the specified port of the C&C host to achieve the intranet penetration function,” it said in a report.

Cybersecurity

It’s said that the trojan is delivered by means of a .NET loader, which, in turn, is implanted into the Internet Information Server (IIS) service of the Microsoft Exchange Server. Further analysis has determined the presence of a zero-day that enabled the attackers to obtain the machineKey and gain unauthorized access to the Exchange Server.

“The attacker used the key to deserialize the Exchange server, thereby implanting a Trojan into any server that complies with the Exchange version, and remotely reading the mailbox data of any person,” the report said.

QiAnXin claimed that the activity was likely the work of a threat actor from North America given that the attacks took place between 9 p.m. and 6 a.m. Beijing time. The Hacker News has reached out to Microsoft for further comment, and we will update the story if we get a response.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Google expands Material 3 Expressive redesign to more Android settings
Next Article I’m a day-one Apple TV+ subscriber, and these are my 7 favorite shows ever
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

Digital Workplace Analytics: Optimize Your Workflows With Insights
Computing
As Samsung’s smartwatch market share drops, more than ever is riding on the Galaxy Watch 8
News
Luxora Global: The Premier Free Guest Posting Platform for the Luxury Industry
Gadget
University of Tokyo probes Tiananmen Square website reference
Software

You Might also Like

Computing

Digital Workplace Analytics: Optimize Your Workflows With Insights

25 Min Read
Computing

Wazuh 101: How I Got My SIEM Setup Working in One Afternoon | HackerNoon

8 Min Read
Computing

Free Professional Social Media Proposal Templates to Win Clients

24 Min Read
Computing

The Consultant Cargo Cult Must End | HackerNoon

10 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?