NightEagle APT exploits Microsoft Exchange flaw to target China’s military and tech sectors

By Ravie Lakshmanan

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as part of a zero-day exploit chain aimed at the government, defense, and technology sectors in China.

According to QiAnXin’s RedDrip Team, the threat actor has been active since 2023 and has switched network infrastructure at an extremely fast rate. The findings were presented at CYDES 2025, the third edition of Malaysia’s National Cyber Defence & Security Exhibition and Conference held between July 1 and 3, 2025.

“It seems to have the speed of an eagle and has been operating at night in China,” the cybersecurity vendor said, explaining the rationale behind naming the adversary NightEagle.

Read more at The Hacker News
