Microsoft SharePoint Hack Exposes US Nuclear Weapons Agency
By Ainvest
Tuesday, Jul 22, 2025 8:17 pm ET
The US National Nuclear Security Administration, responsible for maintaining and designing the nation's nuclear weapons cache, was breached in a hack of Microsoft's SharePoint document management software. No sensitive or classified information was compromised, but other parts of the Energy Department were also affected. Hackers exploited a zero-day vulnerability in SharePoint to breach the agency, which was also affected in a 2020 SolarWinds Corp. attack. Microsoft blames Chinese state-sponsored hackers for the attacks, which have breached governments, businesses, and organizations worldwide.
The US National Nuclear Security Administration (NNSA), responsible for maintaining and designing the nation's nuclear weapons cache, was recently breached in a hack of Microsoft's SharePoint document management software. According to a person with knowledge of the matter, no sensitive or classified information was compromised in the attack on the NNSA, which is a semiautonomous arm of the Energy Department. Other parts of the department were also affected [1].
The breach occurred as part of a larger campaign exploiting a zero-day vulnerability in Microsoft SharePoint. The attack began on July 18, 2025, and affected the Department of Energy, which was minimally impacted due to its robust cybersecurity systems. The NNSA's role in counterterrorism, nuclear weapons transportation, and providing nuclear reactors for submarines was not compromised [1].
The hackers leveraged a previously known vulnerability in SharePoint to gain initial access. Microsoft has identified two Chinese state-sponsored hacking groups, Linen Typhoon and Violet Typhoon, as well as a third group, Storm-2603, exploiting these vulnerabilities. The attacks have been widespread, affecting governments, businesses, and other organizations around the world [1].
Rapid7 has reported that the vulnerability, CVE-2025-53770, is a critical Remote Code Execution (RCE) vulnerability affecting on-premises SharePoint servers. This vulnerability has been actively exploited in the wild and has a CVSS base score of 9.8, indicating a high level of risk. Microsoft has released patches for affected SharePoint editions, and organizations are advised to upgrade to fixed versions on an emergency basis [2].
The NNSA's breach highlights the ongoing threat of cyberattacks on critical infrastructure. While no sensitive information was compromised in this incident, the attack serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to stay vigilant against evolving threats. The full extent of the damage from this breach is still being assessed.
References:
[1] https://www.bloomberg.com/news/articles/2025-07-23/us-nuclear-weapons-agency-breached-in-microsoft-sharepoint-hack
[2] https://www.rapid7.com/blog/post/etr-zero-day-exploitation-of-microsoft-sharepoint-servers-cve-2025-53770/