📢 Gate Square #Creator Campaign Phase 2# is officially live!
Join the ZKWASM event series, share your insights, and win a share of 4,000 $ZKWASM!
As a pioneer in zk-based public chains, ZKWASM is now being prominently promoted on the Gate platform!
Three major campaigns are launching simultaneously: Launchpool subscription, CandyDrop airdrop, and Alpha exclusive trading — don’t miss out!
🎨 Campaign 1: Post on Gate Square and win content rewards
📅 Time: July 25, 22:00 – July 29, 22:00 (UTC+8)
📌 How to participate:
Post original content (at least 100 words) on Gate Square related to
NightEagle APT Targets China Via Zero-Day Exchange Exploits
HomeNews* A new threat group known as NightEagle (APT-Q-95) has targeted Microsoft Exchange servers in China using zero-day vulnerabilities.
The research team began their investigation after finding a custom version of the Chisel penetration tool on a customer system. This tool was set to run automatically every four hours. Analysts explained in their report that the attackers altered the open-source Chisel tool, setting fixed usernames, passwords, and connecting specific ports between the compromised network and their command server.
The initial Malware is delivered through a .NET loader, which is embedded in the Internet Information Server (IIS) of the Exchange server. The attackers leverage an undisclosed flaw—a zero-day vulnerability—to retrieve the server’s machineKey credential. This lets them deserialize and load additional malware into any Exchange server of a compatible version, gaining remote access and the ability to read mailbox data.
A spokesperson for QiAnXin stated, “It seems to have the speed of an eagle and has been operating at night in China,” referencing the group’s operating hours and naming rationale. Based on activity patterns, investigators suspect NightEagle may be based in North America because most attacks occur between 9 p.m. and 6 a.m. Beijing time.
The findings were revealed at CYDES 2025, Malaysia’s National Cyber Defence & Security Exhibition and Conference. QiAnXin has notified Microsoft about the research for further action.
Previous Articles: