Critical SharePoint Flaw Leads to Breach at US Nuclear Agency — China-Linked Hackers Suspected

A critical vulnerability in Microsoft’s SharePoint software has reportedly been used to breach the National Nuclear Security Administration (NNSA)—the agency responsible for overseeing America’s nuclear weapons—according to Bloomberg, citing an inside source.

The breach raises concerns about whether cyber attackers may have accessed any sensitive or classified materials. Microsoft revealed this week that at least two Chinese state-sponsored hacking groups have been exploiting the zero-day vulnerability in SharePoint, a popular platform for hosting internal documents and websites.

Importantly, this vulnerability affects on-premises SharePoint servers, not Microsoft 365’s cloud-based SharePoint Online. The Department of Energy (DOE), which supervises the NNSA, confirmed the intrusion and stated that the impact was limited.

Fortunately, the agency noted that due to its extensive use of Microsoft 365 and advanced cybersecurity systems, only a small number of systems were compromised, all of which are now in the process of being restored. Among those affected was at least one system linked to an NNSA facility. However, so far, there is no evidence that sensitive or classified data was stolen.

Even so, the widespread abuse of this vulnerability has raised alarms across both public and private sectors. According to security firm Eye Security, over 400 SharePoint servers have already been compromised.

Microsoft issued emergency patches on Sunday and Monday, but researchers found that the flaw was already being exploited as early as July 7, giving attackers a significant head start.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also released guidance for organizations on how to respond to the SharePoint vulnerability. Meanwhile, researchers have identified over 9,000 potentially vulnerable SharePoint servers, with more than 3,000 located in the US alone.

The breach underscores the risks of relying on outdated or unpatched on-premises systems and highlights the urgent need for proactive cybersecurity measures across critical infrastructure.
