The U.S. National Nuclear Security Administration (NNSA), a critical component of the Department of Energy, has been compromised in a high-profile cyberattack targeting its SharePoint infrastructure. The breach, which emerged on July 18th, exploited a zero-day vulnerability in Microsoft SharePoint, a popular document-sharing platform, according to the Department of Energy. The agency confirmed it was aware of the breach but stated that no sensitive or classified information was stolen at this time. While the Department of Energy has not disclosed the extent of the breach, it emphasized that the majority of its systems operate in the cloud, significantly limiting the scale of the attack.
Microsoft has raised alarms about the global spread of the SharePoint vulnerability, with security researchers reporting that over 400 organizations worldwide have been impacted. This breach has attracted attention from both private and public security experts, with reports indicating that the SharePoint exploit has already been used by several state-backed groups, including Linen Typhoon and Violet Typhoon, which are believed to be affiliated with the Chinese Communist Party (CCP). According to Microsoft, these groups have been using the flaw to infiltrate organizations that host SharePoint on their own networks rather than through the company’s cloud service. While the Department of Energy primarily relies on Microsoft’s cloud services, the breach still managed to affect a small number of systems, which are currently being restored.
The incident has intensified concerns about the growing cybersecurity threats posed by China, leading to increased scrutiny of the country’s involvement in U.S. defense projects. In response to the breach, the U.S. Cybersecurity and Infrastructure Security Agency has acknowledged the active exploitation of the SharePoint vulnerability. The breach has also prompted renewed calls for stricter cybersecurity measures, particularly in the realm of defense technology. Microsoft CEO Satya Nadella has previously committed to improving cybersecurity following a government report that criticized the company’s handling of a Chinese cyber breach involving the emails of U.S. government officials. Recently, the company has also announced plans to stop using China-based engineers for technical support on the Defense Department’s cloud programs, following a ProPublica report that highlighted potential vulnerabilities exposed by this practice.
On the Chinese side, a spokesperson from the Chinese Foreign Ministry, Guo Jiakun, addressed the breach by stating that China opposes hacking activities under international law but also emphasized that it opposes efforts to smear or attack China using cybersecurity issues. This response highlights the ongoing tension between the U.S. and China regarding cybersecurity, with the incident underscoring the need for stronger international cooperation and transparency. Meanwhile, cybersecurity expert Charles Carmakal of Mandiant, a Google-owned firm, confirmed that at least one of the groups involved in the attack was a “China-nexus threat actor,” further solidifying the link between the breach and state-sponsored cyber activities. The incident has sparked a broader discussion about the need for enhanced protections against state-sponsored cyber threats, particularly in sectors that handle sensitive information or critical infrastructure.