Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

US Nuclear Agency Breached in MS Hack

July 23, 2025
Reading Time: 3 mins read
in Incidents
UK Advances Plan to Report Ransomware Attack

Microsoft recently disclosed that hacking groups linked to the Chinese government have been actively exploiting a critical vulnerability within its SharePoint software. This revelation was closely followed by a Bloomberg News report indicating that the National Nuclear Security Administration (NNSA), a crucial department responsible for providing nuclear reactors to the Navy’s submarines, was among the organizations affected by these sophisticated attacks. The breach is attributed to a “zero-day” vulnerability, meaning it was unknown to Microsoft and the public before its exploitation, and it has impacted more than 50 organizations in recent days. Importantly, the exploit specifically targeted on-premises versions of SharePoint, leaving Microsoft’s cloud-based SharePoint Online service, part of Microsoft 365, unaffected.

Despite the NNSA being compromised, Bloomberg’s reporting suggests that no sensitive or classified information was leaked as a result of the breach.

This fortunate outcome is largely attributed to the US Department of Energy’s (which oversees the NNSA) extensive use of Microsoft 365 cloud systems for a significant portion of its SharePoint operations. A spokesperson for the Department of Energy confirmed this, stating that the department was “minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems.” They further clarified that only a “very small number of systems were impacted,” and efforts to restore all affected systems are underway.

The exploited vulnerability allowed attackers to gain remote access to SharePoint servers, enabling them to steal data, compromise passwords, and even navigate across interconnected services. This significant security flaw appears to have originated from a combination of two distinct bugs that were publicly showcased at the Pwn2Own hacking contest in May.

Such events often reveal vulnerabilities that can subsequently be weaponized by malicious actors if not promptly addressed by software vendors.

In response to the widespread exploitation and the serious nature of the vulnerability, Microsoft has acted swiftly to develop and release patches for all versions of SharePoint that were impacted by this zero-day exploit. The availability of these patches is crucial for organizations to secure their systems against further attacks. It underscores the ongoing cat-and-mouse game between software developers and malicious hackers, where the discovery and swift remediation of vulnerabilities are paramount to maintaining cybersecurity.

This incident serves as a stark reminder of the persistent and evolving threat posed by state-sponsored hacking groups. The targeting of critical infrastructure and government agencies highlights the strategic importance of robust cybersecurity defenses and the continuous vigilance required to protect sensitive information. It also emphasizes the benefits of cloud-based services like Microsoft 365, which often benefit from more rapid and centralized security updates and monitoring compared to on-premises solutions, as demonstrated by the limited impact on the Department of Energy.

Reference:

  • US Nuclear Weapons Agency Reportedly Breached During Cyberattacks Exploiting Microsoft SharePoint
Tags: cyber incidentsCyber Incidents 2025Cyber threatsJuly 2025
ADVERTISEMENT

Related Posts

Nexar Dashcam Database Breached

Nexar Dashcam Database Breached

September 10, 2025
Nexar Dashcam Database Breached

Cornwell Tools Data Breach Hits 104k

September 10, 2025
Nexar Dashcam Database Breached

Wealthsimple Platform Data Breach

September 10, 2025
Lovesac Confirms Breach After Attack

Plex Users Told To Reset Passwords

September 9, 2025
Lovesac Confirms Breach After Attack

Hackers Steal Secrets In GitHub Attack

September 9, 2025
Lovesac Confirms Breach After Attack

Lovesac Confirms Breach After Attack

September 9, 2025

Latest Alerts

Unreported Domains Expose Salt Typhoon

Hackers Exploit Adobe Commerce Bug

Microsoft Warns of AD DS Flaw

Windows Defender Flaw Enables Hijack

Npm Packages Compromised In Attack

GPUGate Abuse of Google Ads and GitHub

Subscribe to our newsletter

    Latest Incidents

    Nexar Dashcam Database Breached

    Wealthsimple Platform Data Breach

    Cornwell Tools Data Breach Hits 104k

    Hackers Steal Secrets In GitHub Attack

    Plex Users Told To Reset Passwords

    Lovesac Confirms Breach After Attack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial