U.S. nuclear weapons agency was among those breached in a Microsoft SharePoint hack

Source Cryptopolitan

The National Nuclear Security Administration, which oversees the design and upkeep of America’s nuclear weapons arsenal, was among those whose systems were breached as part of the recent Microsoft SharePoint hack.

An anonymous source from the NNSA said no classified or sensitive data appears to have been stolen in the NNSA breach. When asked about the breach, the NNSA directed all inquiries to the Department of Energy, which oversees the administration as part of its wider responsibilities.

“On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy,” an agency spokesman said. 

“The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and capable cybersecurity systems. A small number of systems were impacted. All impacted systems are being restored.”

The NNSA carries out a wide range of duties beyond managing nuclear arms. It builds naval reactors for the Navy’s submarine fleet, responds to emergencies at home and abroad, helps transport nuclear weapons safely across the United States, and supports counterterrorism efforts.

This was not the first time hackers had penetrated NNSA-linked networks via a third-party tool. In 2020, the agency was targeted in an attack on SolarWinds Corp., whose software is used for network management. At the time, the Energy Department said malware had “been isolated to business networks only.”

Microsoft blamed state-sponsored hackers from China

The breach exploited weaknesses in the SharePoint platform and hit governments and businesses worldwide. In some cases, attackers stole sign‑in info such as usernames and passwords along with tokens and hash codes, according to an earlier Bloomberg report. 

Beyond the Energy Department, this breach extended to systems in national governments across the Middle East and the EU, as well as to several U.S. agencies, including the Education Department, the Rhode Island General Assembly, and Florida’s Department of Revenue.

Investigators say the full scope of the intrusion is still being determined. The software flaws affect organizations that run SharePoint locally rather than through Microsoft’s cloud service, leaving on-site installations particularly at risk.

In a Tuesday blog post, Microsoft named two hacking teams linked to China: Violet Typhoon and Linen Typhoon. The post also mentioned a third group, Storm-2603, using similar tactics to breach systems.

On Monday, Charles Carmakal, chief technology officer at Mandiant, a Google‑owned cybersecurity firm, said in a LinkedIn post: “We assess that at least one of the actors responsible for the early exploitation is a China-nexus threat actor.”

The US Cybersecurity and Infrastructure Security Agency, or CISA, confirmed on Sunday that it was “aware of active exploitation” of the SharePoint weakness. Microsoft responded by issuing patches for local versions of SharePoint, then released a third fix on Monday.

SharePoint is a core part of Microsoft’s Office suite. It serves as a collaboration hub, letting employees inside organizations access shared files and documents through a central portal.

Microsoft has been attacked by Chinese hacker teams in the past

Last year, Microsoft Chief Executive Officer Satya Nadella declared cybersecurity the company’s top priority after a government report slammed its response to a Chinese breach of email accounts belonging to officials.

Earlier this month, Microsoft told customers it would no longer rely on Chinese engineers for cloud services provided to the Pentagon, following media reports that the setup could have allowed attacks on defense systems belonging to the US.

In 2021, another group called Hafnium, linked to China, exploited a separate flaw in Microsoft’s Exchange Server software to break into networks at organizations worldwide.

In a statement emailed to reporters, the Chinese embassy in Washington said Beijing opposed “all forms of cyberattacks” and warned against “smearing others without solid evidence.”

Security researchers first spotted the vulnerability in May during a hacking contest in Berlin organized by Trend Micro. The event offered cash prizes to those who could find undisclosed software bugs. The competition included a $100,000 award for zero-day exploits targeting SharePoint, highlighting how high‑stakes these hidden flaws can be.
