Chinese cyber security company exposes "Night Eagle" hacker group: Microsoft Exchange vulnerability becomes a global attack breakthrough
2025-07-07 15:50:26
At the recently held 2025 International Defense Cybersecurity Exhibition (CYDES 2025), Qianxin, a leading Chinese cybersecurity company, released a significant report that exposed an advanced persistent threat (APT) group known as 'Night Eagle' (APT-Q-95). This group leverages high-risk vulnerabilities in Microsoft Exchange to launch sophisticated cyber attacks against government agencies, military units, high-tech companies, and research institutions worldwide.
National hacker groups surfaced
According to Gu Liang, head of the threat intelligence team at Qianxin, the "Night Hawk" group shows clear characteristics of a state-level hacking operation:
Attack activity is highly regular in timing (between 21:00 and 06:00 the following day)
A dynamic C2 architecture is used, with IP addresses from providers such as DigitalOcean, a US cloud service provider, serving as relay hops
Intrusions specifically target vulnerabilities in the Microsoft Exchange mail system
The group has a deep understanding of the underlying Exchange code and its authentication protocol
Such attacks are not only technologically advanced but also clearly state-sponsored cyber espionage operations that have been meticulously planned over a long period, Gu Liang stressed. 'Once the email server, which serves as the core communication hub for government and enterprise institutions, is breached, it will result in the comprehensive leakage of sensitive data, including business, financial, and customer relationship information.'
Attack methods and hazards
The analysis shows that the Night Hawk group carries out attacks mainly in the following ways:
Exploiting a remote code execution vulnerability in Microsoft Exchange Server
Using malicious domain names (such as synologyupdates.com and app.flowgw.com) to establish C2 channels
Lurking in the target system for extended periods to steal and monitor data
The group has been involved in attacks on a large number of high-tech companies, research institutions and sensitive sectors in China, and its arsenal of zero-day vulnerabilities makes it one of the most dangerous and active APT groups today.
Southeast Asian countries face serious threats
Qianxin has warned that Malaysia and other ASEAN countries could be the next targets of the Night Hawk group. The company has published the relevant indicators of compromise (IOCs) to help regional enterprises carry out targeted detection and defense.
AI empowers cyber security defense
During the exhibition, Qianxin demonstrated its AI-driven security solutions:
A Security Operations Center (SOC) system based on machine learning
Automated threat detection and response capabilities
Processing of millions of security alerts per day
A missed-detection (false negative) rate kept at a very low level (less than 10^-6)
"In the face of increasingly complex cyber threats, traditional defense methods have been overwhelmed," Gu Liang said. "AI technology not only greatly improves the efficiency of security engineers, but also enables accurate threat hunting and rapid emergency response."
Call for international cooperation
With the exposure of the Night Hawk group, cyber security experts have called on countries to strengthen cooperation and jointly deal with state-level cyber threats. Qianxin said it will continue to expand its business in southeast Asia and work with regional partners to build a stronger cyber security defense line.