The National Nuclear Security Administration (NNSA) has been hit by a sophisticated cyberattack that exploited a previously unknown vulnerability in Microsoft SharePoint, and is being widely described by one of the most serious breaches of US defense infrastructure this year. Fingers in the West are pointing to Beijing.
Hackers believed linked to the Chinese government used a zero-day exploit targeting on-premises versions of SharePoint to infiltrate over 50 organizations, including the agency responsible for the Navy’s nuclear submarine reactors. China is vehemently denying the charge.
The NNSA oversees both the production of nuclear reactors for submarines and the maintenance of the US nuclear arsenal. Cybersecurity experts are currently describing what’s known as an advanced remote code execution (RCE) attack.
The vulnerability reportedly affected SharePoint Server 2019 and the Subscription Edition, which allowed attackers to bypass security protocols and execute arbitrary commands on targeted systems, as described in Bloomberg.
The US Department of Energy is well-known to use Microsoft 365 cloud systems for a lot of its SharePoint work. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a Department of Energy spokesperson conveyed in a statement to Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”
It’s believed the hackers were able to gain unauthorized access, steal data, collect login credentials, and potentially move deeper into connected networks; however, the Department of Energy has claimed no classified or sensitive nuclear data was compromised in the breach.
Hellbound and Down 