The National Nuclear Security Administration (NNSA), the US agency overseeing the nation's nuclear arsenal, was among those affected by a recent cyberattack targeting Microsoft’s SharePoint software, a person familiar with the matter confirmed to Bloomberg on Tuesday.
The Energy Department acknowledged a breach beginning July 18 due to a zero-day vulnerability in SharePoint but described the impact as minimal, affecting only a small number of systems. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a spokesperson said, as quoted by Bloomberg.
Microsoft attributed the campaign to Chinese state-sponsored hacking groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, which exploited SharePoint vulnerabilities to infiltrate various global and US government networks. The Education Department and local government entities in Florida and Rhode Island were also targeted.
The NNSA’s core responsibilities include nuclear weapons security, nuclear-powered Navy reactors, and radiological emergency response. Officials stressed that no classified data was compromised.