Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

US Nuclear Agency Breached in MS Hack

July 23, 2025
Reading Time: 3 mins read
in Incidents
UK Advances Plan to Report Ransomware Attack

Microsoft recently disclosed that hacking groups linked to the Chinese government have been actively exploiting a critical vulnerability within its SharePoint software. This revelation was closely followed by a Bloomberg News report indicating that the National Nuclear Security Administration (NNSA), a crucial department responsible for providing nuclear reactors to the Navy’s submarines, was among the organizations affected by these sophisticated attacks. The breach is attributed to a “zero-day” vulnerability, meaning it was unknown to Microsoft and the public before its exploitation, and it has impacted more than 50 organizations in recent days. Importantly, the exploit specifically targeted on-premises versions of SharePoint, leaving Microsoft’s cloud-based SharePoint Online service, part of Microsoft 365, unaffected.

Despite the NNSA being compromised, Bloomberg’s reporting suggests that no sensitive or classified information was leaked as a result of the breach.

This fortunate outcome is largely attributed to the US Department of Energy’s (which oversees the NNSA) extensive use of Microsoft 365 cloud systems for a significant portion of its SharePoint operations. A spokesperson for the Department of Energy confirmed this, stating that the department was “minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems.” They further clarified that only a “very small number of systems were impacted,” and efforts to restore all affected systems are underway.

The exploited vulnerability allowed attackers to gain remote access to SharePoint servers, enabling them to steal data, compromise passwords, and even navigate across interconnected services. This significant security flaw appears to have originated from a combination of two distinct bugs that were publicly showcased at the Pwn2Own hacking contest in May.

Such events often reveal vulnerabilities that can subsequently be weaponized by malicious actors if not promptly addressed by software vendors.

In response to the widespread exploitation and the serious nature of the vulnerability, Microsoft has acted swiftly to develop and release patches for all versions of SharePoint that were impacted by this zero-day exploit. The availability of these patches is crucial for organizations to secure their systems against further attacks. It underscores the ongoing cat-and-mouse game between software developers and malicious hackers, where the discovery and swift remediation of vulnerabilities are paramount to maintaining cybersecurity.

This incident serves as a stark reminder of the persistent and evolving threat posed by state-sponsored hacking groups. The targeting of critical infrastructure and government agencies highlights the strategic importance of robust cybersecurity defenses and the continuous vigilance required to protect sensitive information. It also emphasizes the benefits of cloud-based services like Microsoft 365, which often benefit from more rapid and centralized security updates and monitoring compared to on-premises solutions, as demonstrated by the limited impact on the Department of Energy.

Reference:

  • US Nuclear Weapons Agency Reportedly Breached During Cyberattacks Exploiting Microsoft SharePoint
Tags: cyber incidentsCyber Incidents 2025Cyber threatsJuly 2025
ADVERTISEMENT

Related Posts

AI Forged Military IDs Used In Phishing

AI Forged Military IDs Used In Phishing

September 18, 2025
AI Forged Military IDs Used In Phishing

ShinyHunters Claims Salesforce Data Theft

September 18, 2025
AI Forged Military IDs Used In Phishing

Insight Partners Warns After Data Breach

September 18, 2025
DHS Data Hub Leaked Sensitive Intel

DHS Data Hub Leaked Sensitive Intel

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Worm Infects 180 npm Packages

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Jaguar Land Rover Delays Restart After Cyberattack

September 17, 2025

Latest Alerts

FileFix Uses Steganography To Drop StealC

Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

ChatGPT Calendar Flaw Lets Email Theft

Windows Update Breaks SMBv1 Shares

Scattered Spider Returns Despite Exit

Subscribe to our newsletter

    Latest Incidents

    AI Forged Military IDs Used In Phishing

    Insight Partners Warns After Data Breach

    ShinyHunters Claims Salesforce Data Theft

    DHS Data Hub Leaked Sensitive Intel

    Worm Infects 180 npm Packages

    Jaguar Land Rover Delays Restart After Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial