US nuclear weapons agency reportedly breached in Microsoft SharePoint attacks

Hours after Microsoft revealed that hacking groups affiliated with the Chinese government have been exploiting a flaw in its SharePoint software, Bloomberg reported that the National Nuclear Security Administration was also breached in the attacks.

A single source told Bloomberg that the agency, which provides the US Navy with nuclear reactors for submarines, was caught up in the zero-day vulnerability that has hit more than 50 organizations in recent days. The exploit affects on-premises versions of SharePoint, but not the SharePoint Online service that Microsoft operates as part of its Microsoft 365 cloud service.

While the nuclear weapons agency has reportedly been affected by the SharePoint exploit, no sensitive or classified information has leaked, according to Bloomberg. That might be because the US Department of Energy uses Microsoft 365 cloud systems for a lot of its SharePoint work. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a department spokesperson said in a statement to Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”

Microsoft has now patched all versions of SharePoint that have been impacted by the zero-day exploit. The flaw allowed hackers to remotely access SharePoint servers and steal data, passwords, and even move across connected services. It appears to have originated from a combination of two bugs that were presented at the Pwn2Own hacking contest in May.