Did China-linked hackers access US nuclear secrets through Microsoft?
A newly uncovered vulnerability in Microsoft's SharePoint server software has led to a significant cybersecurity intrusion involving government agencies and private organisations around the world.
Among the most high-profile victims is the US National Nuclear Security Administration (NNSA) — the agency that manages the country's nuclear arsenal.
Although current assessments indicate that no classified or sensitive nuclear information has been compromised, the intrusions have revealed serious flaws in software security practices.
What happened?
The breach emerged after Microsoft announced that hackers were actively exploiting a flaw in on-premises versions of its SharePoint platform — a workplace collaboration system widely used across both public and private sectors.
The flaw allowed attackers to remotely access servers, steal credentials, extract cryptographic keys, and potentially install persistent backdoors for further exploitation.
This type of vulnerability, classified as a 'zero-day' when first discovered due to the absence of an immediate fix, offered attackers access to internal systems that were not hosted on Microsoft's cloud infrastructure.
Microsoft released partial mitigation guidance earlier this month but only issued comprehensive patches for all affected SharePoint versions on Monday, by which time attackers had already begun exploiting the flaw.
The issue does not affect cloud-hosted versions of SharePoint, but organisations that maintained self-managed SharePoint installations have been exposed to considerable risk.
How is China involved?
Microsoft publicly disclosed that at least three threat actors based in China — tracked as Linen Typhoon, Violet Typhoon, and Storm-2603 — were actively using the vulnerability to attack internet-facing SharePoint servers.
Two of these groups are believed to be associated with Chinese intelligence agencies, while the third remains under investigation.
In a blog post published Tuesday, Microsoft stated, 'As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities.'
This revelation comes amid a broader cyber exploitation campaign believed to involve multiple hacking entities. According to Microsoft and private security firms involved in the investigation, groups not connected to China have also begun leveraging the same SharePoint flaw to infiltrate targets.
These actors have varying motivations, including data theft, espionage and ransomware deployment.
'It's critical to understand that multiple actors are now actively exploiting this vulnerability,' Charles Carmakal, Chief Technology Officer at Google's Mandiant Consulting, told The Washington Post.
'We fully anticipate that this trend will continue, as various other threat actors, driven by diverse motivations, will leverage this exploit as well.'
Who in the US has been impacted?
Investigators have confirmed that at least two US federal agencies have been impacted by the breach, with one US official involved in the incident response saying the number could rise to 'four to five' or more as the situation unfolds.
A second official confirmed that the number of affected agencies is likely greater than what has been publicly acknowledged so far, reported The Washington Post.
The National Nuclear Security Administration (NNSA) was among the institutions infiltrated, according to a Bloomberg report.
Although preliminary assessments suggest that no classified nuclear-related data was accessed, the fact that the agency responsible for safeguarding nuclear weapons was breached has intensified concerns in national security circles.
Eye Security, a private cybersecurity firm, reported that at least 54 organisations have suffered breaches related to the SharePoint exploit.
The victims include a private US university, a California-based private energy provider, and a federal health agency.
Investigators have also found evidence linking US-based compromised servers to IP addresses inside China during the active exploitation window last weekend.
Despite the mounting evidence implicating Chinese hacking groups, the US government has not officially attributed the campaign to Beijing.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have acknowledged their involvement in addressing the breach but have refrained from commenting on attribution or the total number of agencies affected.
The White House has also declined to issue a statement on China's possible role.
How has Beijing responded to the allegations?
The Chinese Embassy in Washington responded to inquiries about the incident by reiterating its standard position on cybercrime: 'China firmly opposes and combats all forms of cyber attacks and cyber crime — a position that is consistent and clear,' a spokesperson said.
'At the same time, we also firmly oppose smearing others without solid evidence.'
This statement echoes prior Chinese responses to cyber espionage accusations by Western governments. Although China did not deny the allegations outright, it maintained that it is a victim of cyber intrusions as well.
Security researchers assisting US federal investigators have pointed out that some of the early victims were organisations of strategic interest to the Chinese government.
One analyst noted that network activity from affected SharePoint systems was traced to IP addresses geolocated in mainland China.
'We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,' said Carmakal, whose firm is directly involved in the response effort.
How is Microsoft dealing with the breach?
Critics argue that Microsoft has failed to adequately safeguard its widely used software, despite its central role in supporting sensitive systems across government and industry.
'Government agencies have become dependent on a company that not only doesn't care about security, but is making billions of dollars selling premium cybersecurity services to address the flaws in its products,' said US Senator Ron Wyden (D-Oregon) in response to the latest incident.
Democratic lawmakers from the House Homeland Security Committee have requested briefings from Microsoft and CISA concerning Microsoft's use of China-based engineers for servicing some US government systems.
This is not the first time Microsoft has faced questions about its security posture in the context of Chinese cyber espionage.
In 2023, Chinese-linked actors exploited a different Microsoft vulnerability to gain access to emails of the US ambassador to China and the US Commerce Secretary. That breach prompted a federal review panel to sharply criticise Microsoft's security practices.
More recently, the Pentagon announced a review of its entire cloud infrastructure, following reports that engineers based in China had been offering technical support for certain Department of Defense systems.
Microsoft has now patched all vulnerable versions of SharePoint impacted by the flaw. The company stated that it is working closely with CISA, the US Department of Defence's Cyber Defence Command, and other global cybersecurity partners to mitigate the damage.
A Microsoft spokesperson confirmed that the company has been 'coordinating closely' with key stakeholders and is urging customers to implement all security updates immediately.
Beyond patching the flaw, experts recommend that organisations conduct thorough internal reviews. This includes replacing cryptographic keys, deploying advanced anti-malware tools, and auditing systems for signs of compromise.
According to Palo Alto Networks, organisations using SharePoint may also have seen spillover effects into other Microsoft services like Outlook, Teams, OneDrive, and Office, which are often integrated into SharePoint workflows.
The SharePoint exploit is already being described as one of the most serious cybersecurity incidents of US President Donald Trump's second term.
With inputs from agencies