Bloomberg has reported that the National Nuclear Security Administration (NNSA)—a division of the U.S. Department of Energy responsible for the design and maintenance of the country’s nuclear arsenal—has fallen victim to a significant cyberattack. The breach exploited a critical zero-day vulnerability in Microsoft’s SharePoint platform.
Details of the Attack and Its Impact
According to a Department of Energy spokesperson, the attack began on Friday, July 18. Despite the seriousness of the vulnerability, a source familiar with the investigation confirmed that the attackers did not gain access to any classified information. The department stated that the damage was very limited, affecting only a small number of on-premises servers running SharePoint. The limited impact was attributed to the department's reliance on Microsoft’s M365 cloud services and advanced cybersecurity infrastructure.
Perpetrators and Scope of the Breach
Microsoft has attributed the attack to a state-sponsored hacking group linked to the Chinese government. The group reportedly exploited vulnerabilities in SharePoint to infiltrate systems, gain control, and steal security credentials and access tokens.
According to Google’s Threat Analysis Group, the exploited vulnerability is considered “a dream for ransomware operators” due to its ability to provide persistent unauthorized access and evade future security patches.
The attack was not limited to the NNSA. Other victims included the U.S. Department of Education, the Florida Department of Revenue, and several government systems in countries across the Middle East and Europe.
Response Measures
On Monday, Microsoft released a new security update to address the active attacks targeting on-premises SharePoint servers. The company emphasized that cloud-based servers were not affected.