CNCERT/CC found and handled two U.S. cyber attacks on China’s large-scale tech firms

  The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) found and handled two cyber attacks originating from the United States against China's large-scale tech firms, carried out to steal trade secrets.

  Since August 2024, a Chinese advanced materials design and research institution has been suspected of being attacked by a U.S. intelligence agency. Analysis showed that the attacker exploited vulnerabilities in an electronic document security management system to infiltrate the software upgrade management server deployed by the firm. The attacker then implanted Trojans on over 270 of the firm's hosts via the software upgrade service, stealing a large amount of trade secrets and intellectual property.

  Since May 2023, a large-scale Chinese high-tech firm dedicated to intelligent energy and digital information has been suspected of being attacked by a U.S. intelligence agency. Analysis showed that the attacker used multiple overseas hosts as springboards to exploit a Microsoft Exchange vulnerability, thereby penetrating and taking control of the firm's email server. By embedding backdoors in the server, the attacker was able to steal email data continuously. Meanwhile, the attacker used the email server as a springboard to control over 30 hosts of the firm and its affiliates, stealing a large number of trade secrets.

  CNCERT/CC published a detailed report on the two incidents on January 17, 2025.