US Nuclear Plant Hacked Through SharePoint Vulnerabilities
▼ Summary
– A foreign threat actor breached the Kansas City National Security Campus by exploiting unpatched Microsoft SharePoint vulnerabilities.
– The compromised facility manufactures most critical non-nuclear components for US nuclear weapons under the National Nuclear Security Administration.
– Honeywell Federal Manufacturing & Technologies manages the Kansas City campus under contract with the NNSA.
– The Kansas City campus, Honeywell FM&T, and Department of Energy did not respond to repeated requests for comment in September.
– NSA public affairs stated they had nothing to contribute and referred inquiries back to the Department of Energy.
A foreign threat actor successfully breached the Kansas City National Security Campus (KCNSC), a vital facility responsible for manufacturing essential non-nuclear components for the United States nuclear arsenal. The intrusion occurred through unpatched Microsoft SharePoint vulnerabilities, highlighting critical cybersecurity weaknesses in sensitive government infrastructure. This incident underscores the persistent risks facing national security installations and the urgent need for robust digital defenses.
The compromised facility operates under the National Nuclear Security Administration (NNSA), a semi-autonomous agency within the Department of Energy that manages the design, production, and maintenance of America’s nuclear weapons. Honeywell Federal Manufacturing & Technologies (FM&T) oversees daily operations at the Kansas City campus under an NNSA contract. The breach specifically targeted systems supporting the production of crucial components, raising alarms about potential impacts on national security readiness.
Throughout September, prior to the current government shutdown, multiple attempts to obtain comments from the Kansas City campus, Honeywell FM&T, and the Department of Energy went unanswered. An NSA public affairs officer, Eddie Bennett, responded to inquiries but declined to provide details, stating the agency had nothing to contribute and referring questions back to the Department of Energy. The lack of official statements leaves many questions unanswered regarding the breach’s full scope and the measures being taken to prevent future incidents.
(Source: CSO Online)
