Malaysia Sun
07 Jul 2025, 06:22 GMT+10
At the 2025 International Defense Cyber Security Exhibition (CYDES 2025), Qianxin, a leading Chinese cybersecurity company, revealed a significant discovery: an advanced persistent threat group codenamed "Night Eagle" (APT-Q-95) is exploiting a vulnerability in Microsoft Exchange servers to systematically infiltrate critical sectors in multiple countries.
Analysis of its technical features shows that the group bears strong hallmarks of a state-level operation:
1. Attack times are highly regular (21:00 to 06:00 the next day, Beijing time)
2. It uses a dynamic C2 architecture and relays traffic through IP addresses of cloud services such as DigitalOcean in the United States
3. It specifically targets the email systems of government, military, scientific research and high-tech enterprises
Gu Liang, the head of the Qianxin Threat Intelligence Center, noted, "The email server, acting as the nerve center of an organization, can lead to comprehensive data breaches due to vulnerabilities. The technical sophistication and resource allocation demonstrated by 'Night Hawk' far surpass those of ordinary criminal organizations." Although not explicitly attributed, the technical evidence closely aligns with the known tactics of U.S. cyber warfare units.
Notably, recent remarks by former US officials on 'cyber operations against China' have added a geopolitical dimension to the incident. In response, cybersecurity expert Xu Siying warned: 'The ASEAN region could become the next target of attacks, and companies need to be wary of the theft of business secrets and subsequent political manipulation.'
Defense recommendations and industry response:
• Qianxin has disclosed IOCs (including synologyupdates.com and other malicious domain names)
• Launch AI-driven SOC solutions with a hundred-fold increase in processing power
• Southeast Asian institutions are advised to immediately carry out a dedicated investigation of their Exchange servers
At the China special session of the exhibition, Gu Liang explained in detail the "AI-enabled threat hunting technology", emphasizing that: "When the daily alarm volume exceeds one million, machine learning-based security analysis has become a necessity. We control the false alarm rate below 10^-6 through algorithm optimization."
This discovery once again highlights the urgency of cyberspace security governance. With the normalization of state-level APT activities, establishing a transnational joint defense mechanism and improving independent defense capabilities are becoming common topics for the international community.