Latest news with #NationalNuclearSecurityAdministration

Allegra Stratton: Cyber Insecurity, yet Another Threat to Watch

Bloomberg

5 days ago

News that Chinese hackers exploited a vulnerability in Microsoft's SharePoint to hack into hundreds of businesses will have sent (another) shiver through C-suite group chats the world over. In the week since it emerged, it's become clear that some 400 governments, corporations and institutions have been pole-axed by it, and Bloomberg's team has been across all angles. Most alarmingly, our journalists reported that this round of hacks included the US National Nuclear Security Administration – the body responsible for maintaining and designing the US's cache of nuclear weapons. Even though classified information doesn't appear to have been accessed, experts told our team that information about employees could nonetheless be exploited.

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

WIRED

7 days ago

Jul 23, 2025 5:59 PM

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Hundreds of organizations around the world suffered data breaches this week, as an array of hackers rushed to exploit a recently discovered vulnerability in older versions of the Microsoft file-sharing tool known as SharePoint. The string of breaches adds to an already urgent and complex dynamic: Institutions that are longtime SharePoint users can face increased risk by continuing to use the service, just as Microsoft is winding down support for a platform in favor of newer cloud offerings. Microsoft said on Tuesday that, in addition to other actors, it has seen multiple China-linked hacking groups exploiting the flaw, which is specifically present in older versions of SharePoint that are self-hosted by organizations. It does not impact the newer, cloud-based version of SharePoint that Microsoft has been encouraging customers to adopt for many years. Bloomberg first reported on Wednesday that one of the victims is the United States National Nuclear Security Administration, which oversees and maintains US nuclear weapons. 'On-premises' or self-managed SharePoint servers are a popular target for hackers, because organizations often set them up such that they are exposed on the open internet and then forget about them or don't want to allocate budget to replace them. Even if fixes are available, the owner may neglect to apply them. That's not the case, though, with the bug that sparked this week's wave of attacks. While it relates to a previous SharePoint vulnerability discovered at the Pwn2Own hacking competition in Berlin in May, the patch that Microsoft released earlier this month was itself flawed, meaning even organizations that did their security diligence were caught out. 
Microsoft scrambled this week to release a fix for the fix, or what the company called 'more robust protections' in its security alert. 'At Microsoft, our commitment—anchored in the Secure Future Initiative—is to meet customers where they are,' said a Microsoft spokesperson in an emailed statement. 'That means supporting organizations across the full spectrum of cloud adoption, including those managing on-premises systems.' Microsoft still supports SharePoint Server versions 2016 and 2019 with security updates and other fixes, but both will reach what Microsoft calls 'End of Support' on July 14, 2026. SharePoint Server 2013 and earlier have already reached end of life and receive only the most critical security updates through a paid service called 'SharePoint Server Subscription Edition.' As a result, all SharePoint server versions are increasingly part of a digital backwater where the convenience of continuing to run the software comes with significant risk and potential exposure for users—particularly when SharePoint servers sit exposed on the internet. 'Years ago, Microsoft positioned SharePoint as a more secure replacement for old school Windows file sharing tools, so that's why organizations like government agencies invested in setting up those servers. And now they just run at no additional cost, versus a Microsoft365 subscription in the cloud that involves a subscription,' says Jake Williams, a longtime incident responder who is vice president of research and development at Hunter Strategy. 'So Microsoft tries to nudge the holdouts by charging for extended support. But if you are exposing a SharePoint server to the internet I would emphasize that you also have to budget for incident response, because that server will eventually get popped.' 
The United States Cybersecurity and Infrastructure Security Agency said in guidance about the vulnerability on Tuesday that, 'CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use.' The ubiquity of Microsoft's Windows operating system around the world has led to other situations in which a long goodbye has created security issues for holdout users—and other organizations or individuals with connections to a vulnerable entity. Microsoft struggled to deal with the long tail of users on extremely popular Windows editions including Windows XP and Windows 7. But legacy software is a challenge for any software or digital infrastructure provider. Earlier this year, for example, Oracle reportedly notified some customers about a breach after attackers compromised a 'legacy environment' that had been largely retired in 2017. The challenge with a service like SharePoint is that it often acts as an ancillary tool without ever being the center of attention. 'For on-premises software like SharePoint, which is deeply integrated into the Microsoft identity stack, there are multiple points of exposure that need to be continuously monitored in order to know, expose, and close critical gaps,' says Bob Huber, chief security officer at the cybersecurity company Tenable. When asked about the alleged breach at the National Nuclear Security Administration, the Department of Energy emphasized that the incident did not impact sensitive or classified data. 'On Friday, July 18, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA,' a DOE spokesperson told WIRED in a statement. 'The Department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. 
A very small number of systems were impacted. NNSA is taking the appropriate action to mitigate risk and transition to other offerings as appropriate.' Microsoft did not immediately return WIRED's requests for comment about the process of sunsetting SharePoint Server. The company wrote in a blog post on Tuesday that customers should keep supported versions of SharePoint Server updated with the latest patches and turn on Microsoft's 'Antimalware Scan Interface' as well as Microsoft Defender Antivirus.

Tally of Microsoft Victims Surges to 400 as Hackers Exploit SharePoint Flaw

Yahoo

7 days ago

(Bloomberg) -- The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.'s SharePoint servers is increasing rapidly, with the tally of victims soaring more than six-fold in a few days, according to one research firm. Hackers have breached about 400 government agencies, corporations and other groups, according to estimates from Eye Security, the Dutch cybersecurity company that identified an early wave of the attacks last week. That's up from roughly 60 based on its previous estimate provided to Bloomberg News on Tuesday. The security firm said that most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands. The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation's cache of nuclear weapons, was among those breached, Bloomberg reported earlier. The National Institutes of Health was also impacted through the SharePoint flaws, according to a person familiar with the matter. Andrew Nixon, a spokesperson for the Department of Health and Human Services, said, 'The Department and its security teams are actively engaged in monitoring, identifying, and mitigating all risks to our IT systems posed by the Microsoft SharePoint vulnerability.' 'At present, we have no indication that any information was breached as a result of this vulnerability,' he said, adding that the department is collaborating with Microsoft and the US Cybersecurity and Infrastructure Security Agency. The Washington Post previously reported that NIH was breached. 
The hacks are among the latest major breaches that Microsoft has blamed, at least in part, on China and come amid heightened tensions between Washington and Beijing over global security and trade. The US has repeatedly criticized China for campaigns that have allegedly stolen government and corporate secrets over a period spanning decades. The real number of victims from the SharePoint exploits 'might be much higher as there can be many more hidden ways to compromise servers that do not leave traces,' Eye Security's co-owner Vaisha Bernard said in an email to Bloomberg News. 'This is still developing, and other opportunistic adversaries continue to exploit vulnerable servers.' The organizations compromised in the SharePoint breaches include many working in government, education and technology services, Bernard said. There were smaller numbers of victims in countries across Europe, Asia, the Middle East and South America. State-backed hackers tend to exploit major cybersecurity weaknesses, like the SharePoint vulnerability, in waves, according to Sveva Scenarelli, a threat analyst with Recorded Future Inc. They start with secretive, targeted hacks and then, once the vulnerability is discovered, will begin using it more indiscriminately, she said. 'Once access has been acquired, individual threat groups can then triage compromised organizations, and prioritize those of particular interest for follow-on activity,' said Scenarelli, of the cyber intelligence firm's Insikt Group. She said this can include finding ways to maintain access to a compromised network, burrowing deeper and setting up paths to steal sensitive information. US Treasury Secretary Scott Bessent, who is set to meet his Chinese counterparts in Stockholm next week for a third round of trade talks, suggested in a Bloomberg Television interview Wednesday that the SharePoint hacks will be discussed. 'Obviously things like that will be on the agenda with my Chinese counterparts,' he said. 
The security flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services, potentially enabling deep access into compromised networks to steal confidential data. Microsoft has issued patches to fix the vulnerabilities, but researchers cautioned that hackers may have already got a foothold into many servers. Microsoft on Tuesday accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the company. The Redmond, Washington company has repeatedly blamed China for major cyberattacks. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange compromised senior US officials' email accounts. A US government review later accused Microsoft of a 'cascade of security failures' over the 2023 incident. Eugenio Benincasa, a researcher at ETH Zurich's Center for Security Studies who specializes in analyzing Chinese cyberattacks, said members of the groups identified by Microsoft had previously been indicted in the US for their alleged involvement in hacking campaigns targeting US organizations. They are well known for their 'extensive espionage,' he said. It's likely that the SharePoint breaches are being carried out by proxy groups that work with the government rather than Chinese government agencies directly carrying out the hacking, according to Benincasa. Private hacking companies in the country sometimes participate in 'hacker for hire' operations, he added. 'Now that at least three groups have reportedly exploited the same vulnerability, it's plausible more could follow,' he said. 'Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation,' said Chinese Foreign Ministry spokesman Guo Jiakun. 
'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.' According to Microsoft, the hacking group Linen Typhoon was first identified in 2012, and is focused on stealing intellectual property, primarily targeting organizations related to government, defense, strategic planning, and human rights. Violet Typhoon, first observed in 2015, was 'dedicated to espionage' and primarily targeted former government and military personnel, non-governmental organizations, as well as media and education sectors in the US, Europe, and East Asia. The hackers have also used the SharePoint flaws to break into systems belonging to the US Education Department, Florida's Department of Revenue and the Rhode Island General Assembly, Bloomberg previously reported. Edwin Lyman, director of nuclear power safety for the Union of Concerned Scientists, said that while the National Nuclear Security Administration possesses some of the most restricted and dangerous information in the world, the networks where classified information is stored are isolated from the internet. 'So even if those networks were compromised, I'm not sure how such information could have been transmitted to the adversaries,' Lyman said in an email. 'But there are other categories of information that are sensitive but unclassified, that may be treated with less care and might have been exposed. This includes some information related to nuclear materials and even nuclear weapons.' --With assistance from Lucille Liu, Ari Natter and Jessica Nix. (Updates with details of NIH breach starting in fourth paragraph.) 
©2025 Bloomberg L.P.

More than 400 systems compromised in Microsoft hacking spree, researchers find

Axios

7 days ago

Hackers have already compromised more than 400 organizations using a recently discovered flaw in Microsoft SharePoint servers, according to researchers at Eye Security.

Why it matters: That number has risen dramatically from estimates earlier this week that hackers had only broken into about 60 government agencies, critical infrastructure entities and companies.

Driving the news: Microsoft says at least three China-based hacking groups, including two government teams, have been exploiting a flaw in on-premise SharePoint servers since at least July 7. The National Nuclear Security Administration, which is responsible for maintaining the country's cache of nuclear weapons, is among the victims, according to Bloomberg. The National Institutes of Health and several other government agencies, energy companies and universities have also been broken into, according to the Washington Post. The Chinese embassy said in a statement Tuesday that "we firmly oppose smearing others without solid evidence."

Zoom in: Researchers at Eye Security said in a blog post Thursday that they've scanned more than 23,000 vulnerable SharePoint servers worldwide and have found that more than 400 are "actively compromised." Eye Security first discovered the SharePoint vulnerability, which would give intruders the ability to access documents stored on servers and execute code, last week and started notifying potential victims. Microsoft issued a patch for all vulnerable versions of SharePoint late Monday, but researchers say they've observed the hackers also stealing machine keys that would allow them to re-enter devices even after they're patched.

What to watch: Researchers widely anticipate multiple hacking groups to target vulnerable SharePoint servers, even after they've been patched.
