Microsoft SharePoint Hack Exposes US Nuclear Weapons Agency

Tuesday, Jul 22, 2025 8:17 pm ET

The US National Nuclear Security Administration, responsible for maintaining and designing the nation's nuclear weapons cache, was breached in a hack of Microsoft's SharePoint document management software. No sensitive or classified information was compromised, but other parts of the Energy Department were also affected. Hackers exploited a zero-day vulnerability in SharePoint to breach the agency, which was also affected in a 2020 SolarWinds Corp. attack. Microsoft blames Chinese state-sponsored hackers for the attacks, which have breached governments, businesses, and organizations worldwide.

The US National Nuclear Security Administration (NNSA), responsible for maintaining and designing the nation's nuclear weapons cache, was recently breached in a hack of Microsoft's SharePoint document management software. According to a person with knowledge of the matter, no sensitive or classified information was compromised in the attack on the NNSA, which is a semiautonomous arm of the Energy Department. Other parts of the department were also affected [1].

The breach occurred as part of a larger campaign exploiting a zero-day vulnerability in Microsoft SharePoint. The attack began on July 18, 2025, and affected the Department of Energy, which was minimally impacted due to its robust cybersecurity systems. The NNSA's role in counterterrorism, nuclear weapons transportation, and providing nuclear reactors for submarines was not compromised [1].

The hackers leveraged a previously known vulnerability in SharePoint to gain initial access. Microsoft has identified two Chinese state-sponsored hacking groups, Linen Typhoon and Violet Typhoon, as well as a third group, Storm-2603, exploiting these vulnerabilities. The attacks have been widespread, affecting governments, businesses, and other organizations around the world [1].

Rapid7 has reported that the vulnerability, CVE-2025-53770, is a critical Remote Code Execution (RCE) vulnerability affecting on-premises SharePoint servers. This vulnerability has been actively exploited in the wild and has a CVSS base score of 9.8, indicating a high level of risk. Microsoft has released patches for affected SharePoint editions, and organizations are advised to upgrade to fixed versions on an emergency basis [2].

The NNSA's breach highlights the ongoing threat of cyberattacks on critical infrastructure. While no sensitive information was compromised in this incident, the attack serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to stay vigilant against evolving threats. The full extent of the damage from this breach is still being assessed.

References:
[1] https://www.bloomberg.com/news/articles/2025-07-23/us-nuclear-weapons-agency-breached-in-microsoft-sharepoint-hack
[2] https://www.rapid7.com/blog/post/etr-zero-day-exploitation-of-microsoft-sharepoint-servers-cve-2025-53770/
