The Department of Energy’s semi-autonomous National Nuclear Security Administration (NNSA), the agency in charge of managing the nation’s nuclear weapons stockpile, was one of hundreds of organizations affected by a massive SharePoint hack.
While the bug was discovered last week, Microsoft said in a blog post Tuesday that three Chinese actors were exploiting vulnerabilities in SharePoint as early as July 7: Linen Typhoon, Violet Typhoon, and Storm-2603. Microsoft said investigations into other actors are still ongoing.
The exploited vulnerability supposedly allows hackers to run a software code on its victims’ servers from remote locations, and then potentially install malicious software and steal data.
Bloomberg reported that no sensitive information appears to have been stolen in the NNSA hack. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a DOE spokesperson said in the article.
Since many government agencies run Microsoft software on their servers, around 400 agencies were affected, many of which being government agencies.
This is a developing story.
