The US government agency in charge of designing and maintaining nuclear weapons was among those breached by a hack of Microsoft’s SharePoint server software, Bloomberg reported. However, attackers weren’t able to obtain any sensitive or classified information, according to an unnamed source with knowledge of the matter.
The breach occurred at the National Nuclear Security Administration, an arm of the Energy Department responsible for producing and dismantling nuclear arms. “On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy,” a spokesperson told Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”
The exploit only affects SharePoint for on-premises servers. The Department of energy said it was minimally impacted because it widely uses Microsoft M365 cloud “and very capable cybersecurity systems,” the spokesperson added.
Microsoft blamed the attack on state-sponsored Chinese hackers. They reportedly exploited flaws in SharePoint document management software and were able to access and control systems and steal security credentials and tokens. “It’s a dream for ransomware operators,” Google’s Threat Intelligence Group said, adding that the flaw allows “persistent, unauthenticated access that can bypass future patching.”
Attackers also accessed the US Education Department and Florida’s Department of Revenue, along with government systems in other nations including the Middle East and Europe. Microsoft announced on Monday that it had released a new security patch “to mitigate active attacks targeting on-premises [and not online] servers.”
