The US agency in charge of overseeing the country’s nuclear weapons program was among several federal entities affected by a cyberattack exploiting a vulnerability in Microsoft SharePoint software. The breach impacted the National Nuclear Security Administration (NNSA), part of the Department of Energy responsible for the maintenance and dismantling of nuclear arms.
No classified or sensitive data appears to have been compromised, Bloomberg reports. The intrusion stemmed from a zero-day flaw affecting organizations that operate SharePoint on their own servers rather than using Microsoft’s cloud services.
Microsoft has attributed the exploitation to multiple China-based cyber groups, including Linen Typhoon, Violet Typhoon, and a separate group known as Storm-2603. These actors took advantage of the vulnerability to deploy malicious scripts that could extract MachineKeys keys from affected systems. The technique involved uploading a crafted web shell to SharePoint servers, allowing attackers to access secure data remotely.
The Department of Energy confirmed it was affected on July 18 but described the impact as minimal. A small number of systems were reportedly disrupted and are in the process of being restored.