In yet another alarming example of government systems falling prey to cyber threats, the National Nuclear Security Administration (NNSA), the U.S. agency responsible for maintaining the country’s nuclear weapons arsenal, was reportedly breached in a cyberattack that exploited a critical flaw in Microsoft’s SharePoint document software.
According to a report from Bloomberg News, the breach is part of a larger wave of cyberattacks that targeted a zero-day vulnerability in on-premises versions of Microsoft’s SharePoint software, affecting more than 50 organizations worldwide.
What Is NNSA?
The National Nuclear Security Administration (NNSA) is a semi-autonomous agency within the U.S. Department of Energy responsible for safeguarding national security through the military application of nuclear science. It maintains the U.S. nuclear weapons stockpile, prevents nuclear proliferation, powers Navy submarines and carriers with nuclear reactors, and responds to nuclear or radiological emergencies.
Chinese Hackers Behind The Attack
Microsoft has attributed the attack to Chinese state-sponsored hacker groups, including those it tracks under the names Linen Typhoon, Violet Typhoon, and Storm-2603. These groups reportedly exploited the zero-day vulnerability to gain remote access to systems, steal login credentials, and potentially spread across other connected networks.
“It’s a dream for ransomware operators,” Google’s Threat Intelligence Group said, adding that the vulnerability allows “persistent, unauthenticated access that can bypass future patching.”
While the NNSA was confirmed to be one of the victims, the agency also noted that there is no evidence of sensitive or classified information being accessed in the breach.
“On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA,” Ben Dietderich, Secretary of the Department of Energy (under which the NNSA operates), told BleepingComputer in a statement.
“The Department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems.” He added that only “a very small number of systems were impacted” and that “all impacted systems are being restored.”
Breach Not Limited To NNSA
The breach wasn’t limited to the NNSA. According to Microsoft and cybersecurity researchers, the hackers also targeted other U.S. government entities, including the Department of Education, the Florida Department of Revenue, and the Rhode Island General Assembly. Similarly, international governments across Europe, the Middle East, and Africa were affected.
Microsoft Responds
In response to the breach, Microsoft has released a security update for the SharePoint Subscription Edition vulnerability and is working with impacted customers to investigate and secure affected on-premises servers. The company has urged impacted customers to apply the update immediately. Additionally, it reiterated that organizations using the cloud-based SharePoint Online service were not vulnerable in this case.