This would hardly be a surprise. The NSA TAO was responsible for EternalBlue. And they have straight up stated that they hold on to some zero-day vulnerabilities for use. Hacking a “Microsoft Exchange Mail to attack and control the mail server of a major Chinese military enterprise” to collect SIGINT is rather exactly why the NSA exists. They should be assumed to be a state-sponsored APT like any other.