Cybersecurity researchers have uncovered NightEagle, a sophisticated threat actor targeting Microsoft Exchange servers for espionage in China’s high-tech and military sectors. The group employs zero-day exploits and custom tools to infiltrate networks and extract intelligence.
Key points
- NightEagle has been active since 2023, rapidly changing network infrastructure to evade detection.
- The threat actor targets high-value sectors such as government, defense, and technology in China.
- They use a modified Go-based Chisel utility to penetrate intranet networks automatically.
- A zero-day vulnerability in Microsoft Exchange allows them to implant Trojans and access mailbox data.
- Analysis suggests that the attacker may originate from North America, operating mainly during nighttime hours in China.
Read More: https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.html