This would hardly be a surprise. The NSA TAO was responsible for EternalBlue. And they have straight up stated that they hold on to some zero-day vulnerabilities for use. Hacking a “Microsoft Exchange Mail to attack and control the mail server of a major Chinese military enterprise” to collect SIGINT is rather exactly why the NSA exists. They should be assumed to be a state sponsored APT like any other.

Exploiting? Zero-day? Microsoft is a US’ bitch and Windows has more backdoors than Linux has audio players. And China says it like those backdoors are unintentional vulnerabilities.