The US National Nuclear Security Administration (NNSA), which is responsible for maintaining the nation's nuclear weapons stockpile, was breached in a cyberattack that exploited a zero-day vulnerability in Microsoft SharePoint . The attack began on July 18th and affected systems running SharePoint on their own servers .
A US Department of Energy spokesperson said that the department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems . A very small number of systems were impacted and that all impacted systems are being restored . An anonymous source noted that no sensitive or classified information is believed to have been compromised .
Microsoft has blamed the attack on Chinese state-sponsored hackers, naming groups like Linen Typhoon, Violet Typhoon, and Storm-2603 as responsible . The hackers reportedly exploited flaws in SharePoint document management software to access and control systems and steal security credentials and tokens . Microsoft announced that it had released a new security patch to mitigate active attacks targeting on-premises servers .
Google stated that the vulnerability allows "persistent, unauthenticated access that can bypass future patching," calling it a "dream for ransomware operators" . In addition to the NNSA, the US Education Department, Florida's Department of Revenue, and the Rhode Island General Assembly were also affected, along with government systems in Europe and the Middle East .
The Chinese Embassy in Washington denied any involvement in the hacks, describing the allegations as “unfounded speculation” .