China's Qianxin exposes' Nighthawk 'organization's Microsoft system vulnerability as its attack weapon

Qi An Xin, a cybersecurity company from China, recently revealed at the “CYDES 2025 International Defense Cybersecurity Exhibition” held at the Putrajaya International Convention and Exhibition Center that the company discovered a new type of Advanced Persistent Threat (APT) organization during a network protection event in early 2024 To conduct sustained, targeted, covert, and highly destructive attacks and destruction on networks of government, enterprises, military, medical, scientific research, and information infrastructure, and to name it the “Night Eagle” (code name: APT-Q-95).

According to Gu Liang, spokesperson for Qianxin Network Security Company, the Nighthawk APT organization uses the most advanced, malicious, and complex attack software technology to target potential network system vulnerabilities in various countries and regions for sustained destruction.

The Nighthawk APT organization has been lurking in the target’s system for a long time, conducting covert monitoring, stealing sensitive information, and other destructive activities, causing irreparable losses and damage to the attacked objects.

It has a tight organizational structure, with the support of the state, government, and powerful funding groups. The targets of attacks have clear goals and objectives, and important areas such as governments, politics, economy, and military of various countries have become the silent attacks and espionage of such organizations

He pointed out that the Nighthawk APT organization exploited high-risk vulnerabilities in the Microsoft Exchange system, extensively using IP addresses of American operators such as DigitalOcean to carry out intrusion activities against government agencies, military units, and high-tech enterprises. Various data indicate that the starting point of the attack was the Exchange mail server, and Qianxin captured the attacker’s process of exploiting the vulnerability, confirming that it was a super high-risk remote code execution vulnerability in the Microsoft Exchange server.

Email servers are important communication tools for governments and enterprises to carry out commercial activities. Attackers can steal enterprise business, financial, project, customer relationship and other data through email servers, so once invaded, the consequences are serious.

He said, ‘This type of attack has four characteristics and is extremely familiar with the underlying code and authentication protocols of Exchange, with national level network resource scheduling capabilities.’ power. Qi An Xin Company detected the occurrence of the attack incident, and between 9pm and 6am Beijing time (West Eighth District), the C2 (Command and Control Server) switched very frequently. It involves a large number of high-tech enterprises, research institutions, and sensitive units in China, and using Exchange as the initial attack entry point and possessing a system zero day vulnerability weapon with a large number of billions of users is undoubtedly the latest, extremely dangerous, and highly active APT.

This is the first time that Qianxin Network Security Company has participated in the “2025 International Defense Network Security Exhibition”. During an interview, Gu Liang stated that the exhibition is hosted by Malaysia’s National Security Council and National Cybersecurity Agency, and the opening ceremony is personally presided over by the Deputy Prime Minister. In addition, customer visits and exchanges demonstrate the high importance that the Malaysian government and businesses attach to cybersecurity.

Qianxin is a Chinese cybersecurity company that specializes in providing next-generation enterprise level cybersecurity products and services to governments, enterprises, and various institutions. Qianxin was founded in 2014 and has a leading position in the field of network security, especially in terminal security, cloud security, threat intelligence, and situational awareness.

He believes that Malaysia is an important market with great potential and attractiveness in Southeast Asia. Therefore, Qianxin hopes to further expand its business territory in Southeast Asia through this exhibition, and with excellent technical strength and high-quality security services, work together with regional partners to build a solid ASEAN network security defense line.