US Nuclear Weapons Agency Breached in Microsoft SharePoint Hack

Summary
– Unknown hackers breached the National Nuclear Security Administration (NNSA) by exploiting a Microsoft SharePoint zero-day vulnerability.
– The NNSA, responsible for maintaining U.S. nuclear weapons, confirmed the breach but stated only a small number of systems were impacted.
– No evidence suggests sensitive or classified information was compromised in the NNSA breach, according to agency sources.
– The same attackers targeted other U.S. and international entities, including government agencies in Europe and the Middle East.
– Chinese state-sponsored hacking groups, including Linen Typhoon and Violet Typhoon, were linked to the widespread SharePoint exploits.
A recent cyberattack exploiting vulnerabilities in Microsoft SharePoint has compromised systems at the National Nuclear Security Administration (NNSA), the U.S. agency responsible for safeguarding the nation’s nuclear arsenal. While officials confirm the breach was limited in scope, the incident highlights ongoing security risks facing critical government infrastructure.
The NNSA, a key division of the Department of Energy, oversees nuclear weapons maintenance and emergency response efforts. Hackers infiltrated its networks last week by leveraging a previously unknown flaw in SharePoint, a widely used collaboration platform. A Department of Energy spokesperson acknowledged the breach but emphasized that only a handful of systems were affected, with no evidence suggesting classified data was accessed. “Due to robust cybersecurity measures and cloud-based defenses, the impact was minimal,” the spokesperson stated.
This isn’t the first time the NNSA has been targeted. In 2019, Russian state-backed hackers breached its systems through a compromised SolarWinds software update. The latest attack, however, has been attributed to Chinese-linked threat actors. Microsoft identified two groups, Linen Typhoon and Violet Typhoon, as primary culprits, alongside another entity tracked as Storm-2603. These hackers exploited the SharePoint vulnerability to infiltrate not just U.S. agencies but also government networks in Europe and the Middle East.
Security researchers first detected the attacks in mid-July, with Dutch firm Eye Security reporting at least 54 organizations compromised, including multinational corporations and government bodies. Check Point later revealed evidence of exploitation dating back to early July, targeting sectors like telecommunications and technology. By the time Microsoft issued patches, over 400 servers had been infected globally, affecting 148 organizations.
In response, the Cybersecurity and Infrastructure Security Agency (CISA) flagged the vulnerability as actively exploited, requiring federal agencies to apply fixes within 24 hours. Despite the swift action, the breach underscores the persistent challenges of defending against sophisticated state-sponsored cyber campaigns. Officials continue to monitor the situation, though they maintain that operational disruptions were contained.
Editor’s Note: This article was updated to include additional details from the Department of Energy.
(Source: Bleeping Computer)