URGENT UPDATE: A significant cyberattack has breached the U.S. National Nuclear Security Administration (NNSA), raising alarms over national security. The Department of Energy (DoE) confirmed this breach occurred due to a vulnerability in Microsoft’s SharePoint software as of July 18, 2023. Although sensitive information remains intact, the implications of this breach are profound.
The DoE disclosed that exploitation of a zero-day vulnerability had begun affecting its systems, including those of the NNSA, which is responsible for managing the nation’s nuclear weapons stockpiles. “All impacted systems are being restored,” officials stated, noting that only a “very small number of systems” were affected, owing to the department’s predominant use of cloud services.
The breach has now affected 400 victims globally, as reported by Netherlands-based Eye Security. Chinese state-sponsored groups, including Linen Typhoon and Violet Typhoon, are reportedly behind the attack, exploiting flaws in the document-sharing software, primarily where it is used on local networks.
Microsoft has raised alarms about these cyber threats, confirming that actors linked to the Chinese Communist Party (CCP) are actively targeting institutions worldwide. Another hacking entity, Storm-2603, has also been identified as exploiting similar vulnerabilities, reinforcing the urgency of this threat.
In response to inquiries regarding the breach, Chinese foreign ministry spokesperson Guo Jiakun stated, “China opposes and fights hacking activities in accordance with the law,” dismissing the allegations as smears against China. This statement comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported being “aware of active exploitation” of the SharePoint vulnerability.
This incident has significant implications for national security and cybersecurity. Just last week, Microsoft announced it would cease using China-based engineers for certain Defense Department projects, following concerns that such practices could expose sensitive U.S. information to foreign threats.
As the situation develops, cybersecurity experts are closely monitoring the landscape. Charles Carmakal, chief technology officer of Mandiant, emphasized that at least one group involved in the hack is a “China-nexus threat actor,” highlighting the serious nature of this breach.
The urgency of this situation cannot be overstated. As investigations continue, authorities urge all organizations to enhance their cybersecurity protocols and remain vigilant against potential further attacks. The ramifications of this breach could extend far beyond the immediate impact, affecting national security policies and international relations.
Stay tuned for more updates on this developing story as authorities work to assess the full scale of the breach and mitigate its effects.
