Unknown hackers have infiltrated the network of the National Nuclear Security Administration (NNSA) by exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.
The NNSA, part of the U.S. Department of Energy, oversees the country’s nuclear weapons stockpile and handles nuclear and radiological emergency responses both domestically and internationally.
A Department of Energy spokesperson confirmed that attackers gained access to NNSA systems last week.
“On Friday, July 18th, a Microsoft SharePoint zero-day vulnerability began impacting the Department of Energy, including the NNSA,” said DOE Press Secretary Ben Dietderich in a statement. “The Department was minimally affected due to its extensive use of Microsoft M365 cloud services and strong cybersecurity systems.”
According to Dietderich, only a small number of systems were affected, and recovery efforts are underway. Bloomberg, citing agency insiders, reported that there is no indication sensitive or classified data was accessed during the breach.
This isn’t the first time the NNSA has been targeted. In 2019, APT29, a Russian state-sponsored group linked to the SVR, compromised the agency through a trojanized SolarWinds Orion software update.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
