US Nuclear Weapons Agency Hit by Microsoft SharePoint Hack
A US government agency responsible for designing and maintaining nuclear weapons was compromised in a recent cyberattack targeting Microsoft’s SharePoint server software. According to reports, the breach impacted the National Nuclear Security Administration (NNSA), a division of the Department of Energy. However, officials claim no sensitive or classified data was accessed.
The attack exploited a zero-day vulnerability in SharePoint’s on-premises servers. A Department of Energy spokesperson stated that only a small number of systems were affected, and all compromised systems are being restored. The agency noted that its widespread use of Microsoft’s cloud-based M365 platform and strong cybersecurity measures helped minimize damage.
Microsoft attributed the attack to state-sponsored Chinese hackers, who reportedly exploited weaknesses in SharePoint to gain unauthorized access, steal security credentials, and maintain persistent control over systems. Cybersecurity experts warned that the flaw could allow attackers to bypass future patches, making it an ideal target for ransomware operations.
In addition to the NNSA, the breach affected the US Education Department and Florida’s Department of Revenue, as well as government systems in Europe and the Middle East. Microsoft has since released a security patch to address the vulnerability, specifically targeting on-premises servers.
The incident highlights ongoing cybersecurity risks facing critical government infrastructure, particularly when relying on outdated or vulnerable software systems. Authorities continue to investigate the full scope of the breach while urging organizations to apply the latest security updates.
