Latest news with #NNSA


Jordan News
03-08-2025
- Jordan News
U.S. Nuclear Weapons Agency Hit by Widespread Cyberattack - Jordan News
Bloomberg has reported that the National Nuclear Security Administration (NNSA)—a division of the U.S. Department of Energy responsible for the design and maintenance of the country's nuclear arsenal—has fallen victim to a significant cyberattack. The breach exploited a critical zero-day vulnerability in Microsoft's SharePoint platform.

Details of the Attack and Its Impact

According to a Department of Energy spokesperson, the attack began on Friday, July 18. Despite the seriousness of the vulnerability, a source familiar with the investigation confirmed that the attackers did not gain access to any classified information. The department stated that the damage was very limited, affecting only a small number of on-premises servers running SharePoint. The limited impact was attributed to the department's reliance on Microsoft's M365 cloud services and advanced cybersecurity infrastructure.

Perpetrators and Scope of the Breach

Microsoft has attributed the attack to a state-sponsored hacking group linked to the Chinese government. The group reportedly exploited vulnerabilities in SharePoint to infiltrate systems, gain control, and steal security credentials and access tokens. According to Google's Threat Analysis Group, the exploited vulnerability is considered 'a dream for ransomware operators' due to its ability to provide persistent unauthorized access and evade future security patches. The attack was not limited to the NNSA. Other victims included the U.S. Department of Education, the Florida Department of Revenue, and several government systems in countries across the Middle East and Europe.

Response Measures

On Monday, Microsoft released a new security update to address the active attacks targeting on-premises SharePoint servers. The company emphasized that cloud-based servers were not affected.


Yomiuri Shimbun
24-07-2025
- Yomiuri Shimbun
U.S. Nuclear and Health Agencies Hit in Microsoft SharePoint Breach
The National Institutes of Health and the federal agency responsible for securing the nation's nuclear weapons were among the victims in a global breach of Microsoft server software over the weekend, according to officials at the agencies. The incident at NIH, which has not been previously reported, involved at least one Microsoft SharePoint server system, said Andrew Nixon, a spokesman for the Department of Health and Human Services, and its scope and severity are being investigated. The compromise at the National Nuclear Security Administration, an arm of the Energy Department, did not affect any classified information, said a person familiar with the matter who, like others, spoke on the condition of anonymity to discuss nonpublic matters. It was first reported by Bloomberg News. The NNSA helps keep 5,000 nuclear warheads secure and ready, guards against radiation leaks, and ensures that weapons do not mistakenly detonate. An NNSA spokesperson said attacks using a 'zero-day vulnerability' had begun affecting the Energy Department, including the NNSA, on Friday. 'The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,' the spokesperson said. Only versions of SharePoint that are hosted by the customer, not those in the cloud, are vulnerable. The spokesperson said only 'a very small number of systems' were affected, adding: 'NNSA is taking the appropriate action to mitigate risk and transition to other offerings as appropriate.' An internal email written by an NIH information technology official and viewed by The Washington Post said the agency's cybersecurity team was working to remediate the SharePoint attack, which was part of a global campaign that targeted government agencies, businesses, universities and other organizations in the United States, Europe and Asia. 
Hackers connected to the Chinese government were behind at least some of the attacks in the past few days, defenders working on the intrusions said in interviews. Security firms helping affected customers said that many hacking groups are now trying to exploit the SharePoint flaw and that blueprints for attack methods have been circulating, including on public sites. The operator of most of California's electric grid was also targeted, according to a person familiar with the matter. That nonprofit, the California Independent System Operator, did not confirm or deny a breach, but said it 'took immediate and decisive actions to assess and contain the threat.' 'There has been no impact to market operations or grid reliability due to this incident,' it said. 'All systems remain stable and fully operational.' The NIH email said eight servers were disconnected from the internet and isolated. One was compromised, and two showed evidence of attempted breaches that were blocked. The servers taken offline were used to host NIH websites, including websites for the National Institute of Diabetes and Digestive and Kidney Diseases and the Fogarty International Center, which supports global health research and trains scientists. The National Institutes of Health is the country's biggest funder of biomedical research, supporting studies that delve into a wide range of basic research and human health conditions. 'We are actively investigating the scope and severity of the incident, while taking all necessary steps to protect sensitive information and strengthen system security with our partners moving forward,' HHS spokesman Nixon said. He added that while one server was impacted, others were isolated as a precaution. 'We have no indication that any information was exfiltrated as a result of this SharePoint vulnerability,' he added. The FBI and other agencies are investigating the compromise of Microsoft's SharePoint collaboration software.
The company issued the last of three patches for affected versions of its software on Monday. A spokeswoman for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, which was alerted to the issue on Friday by a cybersecurity firm, warned Sunday that hackers were exploiting a software flaw that could allow them full access to information being exchanged on the SharePoint systems. That information could include file systems and login and password data. Because SharePoint is often used in tandem with other Microsoft programs and databases. Another major concern is that hackers left back doors in some targets that will allow them to return. The Chinese Embassy did not address the country's alleged role in the hacking wave, but it questioned the strength of the evidence in past accusations. 'Cyberspace is characterized by strong virtuality, difficulty in tracing origins, and diverse actors, making the tracing of cyberattacks a complex technical issue,' embassy spokesman Liu Pengyu said in an email. Treasury Secretary Scott Bessent told Bloomberg Television on Wednesday that the SharePoint hacks would be discussed during trade talks with Chinese officials in Stockholm next week. Alex Stamos, chief information security officer at SentinelOne, said that SharePoint systems hosted on a customer's premises were a natural weak spot and that transitioning to the cloud would be much safer. 'Nobody should be running Microsoft on-premise products anymore,' he said. The wave of attacks comes at a difficult time for both Microsoft and CISA, the lead U.S. agency for helping to protect civilian entities from cyberattacks. Microsoft had been alerted to a security weakness in SharePoint recently and issued a fix. But hackers discovered that the fix was inadequate and figured out a way around it. 
The company has been widely criticized over the past few years for other security mistakes in its core products and internal architecture, including one that allowed Chinese hackers to obtain a digital key that allowed them to validate customers, leading to email breaches at the departments of State and Commerce. At the same time, Microsoft's add-on security products have become an increasingly important source of its revenue as it spends more on artificial intelligence. 'Government agencies have become dependent on a company that not only doesn't care about security, but is making billions of dollars selling premium cybersecurity services to address the flaws in its products,' said Sen. Ron Wyden (D-Oregon). Microsoft did not respond to a request for comment. CISA, meanwhile, is reeling from budget cuts and high turnover. In March, DHS cut $10 million in funding to the nonprofit Center for Internet Security for routing warnings of cyberattacks to 18,000 state and local entities. The subsequent job cuts slowed the notifications of about 1,000 members exposed to the weekend hacking campaign, the center said. The center's chief executive, John Gilligan, said the administration's budget request for the coming year had no money for CIS, leaving it scrambling to get states to pay membership fees instead.


Fox News
23-07-2025
- Business
- Fox News
Chinese hackers breach US nuclear security agency in cyberattack operation, officials say
A sweeping cyberattack breached the U.S. National Nuclear Security Administration (NNSA) through Microsoft's SharePoint document software, the Energy Department confirmed to Fox News Digital on Wednesday. The agency does not know of any sensitive or classified information that has been stolen at this time. "On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA," a Department of Energy (DoE) spokesperson told Fox News Digital, referring to the agency responsible for maintaining and designing the nation's nuclear weapons stockpiles. Microsoft warned that Chinese state-sponsored actors were exploiting flaws in the SharePoint software of institutions across the globe. Netherlands-based Eye Security told Reuters the breach has now claimed 400 victims.

Linen Typhoon and Violet Typhoon, the two groups backed by the CCP involved in the hack, utilized flaws in the document-sharing software that exist for customers who run it on their own networks rather than through Microsoft's cloud software. But DoE said it largely utilizes the cloud, so only a "very small number of systems were impacted." "All impacted systems are being restored." Another hacking group based in China, Storm-2603, also exploited the vulnerabilities, according to Microsoft. Asked about the hack on Wednesday, Chinese foreign ministry spokesperson Guo Jiakun said he wasn't aware of the specifics, but: "China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues." Charles Carmakal, technology chief of the Google-owned Mandiant cybersecurity consulting group, confirmed Monday in a LinkedIn post that at least one of the organizations involved in the hack was a "China-nexus threat actor."

On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency said it was "aware of active exploitation" of the SharePoint vulnerability. Microsoft CEO Satya Nadella vowed last year to make cybersecurity a top priority after a government report criticized the company's handling of a Chinese breach of the emails of U.S. government officials. Just last week, the company vowed to stop using engineers based in China to provide technical support for clients within the Defense Department using the company's cloud services. That came after a ProPublica report revealed the practice and said it could expose the DoD to Chinese hackers.


TechCrunch
23-07-2025
- Business
- TechCrunch
Hundreds of organizations breached by SharePoint mass-hacks
Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signalling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, a popular server software that companies use to store and share internal documents, said it had identified hundreds of affected SharePoint servers by scanning the internet. The number has risen from the dozens of known compromised servers as of earlier this week. Bloomberg reports that one of the affected organizations includes the National Nuclear Security Administration (NNSA), the federal agency responsible for maintaining and developing the U.S. stockpile of nuclear weapons. A spokesperson for the Department of Energy, which houses the NNSA, did not respond to TechCrunch's request for comment. Several other government departments and agencies were also compromised in an early wave of attacks exploiting the SharePoint bug, researchers confirmed. Data suggests hackers were exploiting the vulnerability as early as July 7. The bug, officially known as CVE-2025-53770, affects self-hosted versions of SharePoint that companies set up and manage on their own servers. Once exploited, the bug allows an attacker to remotely run malicious code on the affected server, permitting access to the files stored inside, as well as other systems on the company's wider network. The vulnerability is known as a zero-day because Microsoft had no time to release patches before it was exploited. Microsoft has since released patches for all affected SharePoint versions. Google and Microsoft say they have evidence that several China-backed hacking groups are exploiting the bug, but warned companies to expect an uptick in compromises as more hacker groups seek to take advantage of the vulnerability. The Chinese government denied the allegations.


Times of India
23-07-2025
- Business
- Times of India
Massive SharePoint breach, including US nuclear agency - Microsoft links attack to 3 China-backed hackers
A major cyberattack has hit Microsoft's SharePoint server software, affecting many organizations around the world. Microsoft confirmed that three Chinese hacker groups — Violet Typhoon, Linen Typhoon, and Storm-2603 — are involved in the attack, as per the Microsoft Blog. These hackers exploited major flaws in Microsoft's on-premises SharePoint servers, not the cloud-based ones. The flaws allowed the hackers to break in remotely, giving them access to internal systems of many victims. The cyberattack started on Saturday, July 18, according to Microsoft's initial report, as per the reports.

U.S. government agencies hit by hackers

U.S. federal investigators say that at least two federal agencies were affected, and that number may rise. One official said they believe four to five federal agencies may have been breached. The U.S. National Nuclear Security Administration (NNSA) was also hacked. This agency designs and manages U.S. nuclear weapons, according to the report by Bloomberg.
Luckily, no classified or sensitive data appears to have been stolen from NNSA. The Energy Department confirmed it was also impacted by the breach but said only a few systems were affected. The Energy Department explained that because it uses Microsoft M365 cloud systems, the damage was limited. All affected Energy Department systems are now being restored, according to its spokesperson. The attack used two main vulnerabilities: CVE-2025-49706 and CVE-2025-49704. These bugs are only present in SharePoint servers that are managed on-site by customers — not in Microsoft's cloud version, as stated by Microsoft.

Microsoft issues fixes, but hackers still a threat

Microsoft released security patches on July 19 to fix these issues and urged users to install them immediately. The company also warned that more hackers might start using the same flaws if users don't update their systems. Microsoft says there is "high confidence" that hackers will continue to exploit the bugs if servers remain unpatched, as per the reports. Private cybersecurity firm Mandiant said that at least one group involved is linked to Beijing. Another major cybersecurity researcher said the behavior they saw 'lines up perfectly' with Chinese hackers. Microsoft stated that hackers used post-exploitation techniques, which means they dug deeper into systems after breaking in. Microsoft also warned about possible data theft including usernames, passwords, tokens, and hash codes. The FBI and CISA are working with Microsoft to investigate and respond to the attacks.
The White House and Chinese Embassy in Washington did not respond to questions about China's involvement. As of now, the U.S. government has not officially blamed China for the breaches, as per the POLITICO report.

More groups could be in danger worldwide

Silas Cutler, a researcher at scanning firm Censys, and Piotr Kijewski, CEO of The Shadowserver Foundation, said about 100 organizations have been affected so far. They also warned that thousands more organizations could still be vulnerable to this same attack. Some of the other victims include national governments in Europe and the Middle East, Florida's Department of Revenue, and the Rhode Island General Assembly, as per the report by Bloomberg. Microsoft failed to patch at least one of the bugs earlier this month and only released partial fixes for others. Microsoft now recommends using updated SharePoint server versions and turning on Defender Antivirus or similar tools. They also advise customers to rotate SharePoint machine keys, restart IIS servers, and use Full Mode AMSI scanning. Microsoft said it is working closely with CISA, the Department of Defense Cyber Command, and other global partners.

Microsoft faces heat from U.S. lawmakers

The attack is one of the biggest cybersecurity threats during Donald Trump's second term in office so far. Microsoft says other non-China hacker groups are also trying to use the same bugs to attack more victims. Charles Carmakal, CTO of Mandiant, warned that more hackers will 'leverage this exploit' soon. Lawmakers are now criticizing Microsoft for putting U.S. systems at risk and still depending on China-based engineers. Sen. Ron Wyden said Microsoft is selling security upgrades while failing to secure its main products. Lawmakers from the House Homeland Security Committee have asked Microsoft and CISA for a briefing on the issue, as stated by POLITICO.
In a similar 2020 SolarWinds hack, the NNSA had also been breached, but the malware stayed only on business networks. In 2023, Chinese hackers exploited Microsoft again and stole emails from the U.S. ambassador to China and Commerce Secretary. That 2023 attack led to a federal review panel criticizing Microsoft for poor security practices, as per the Bloomberg report. Recently, the Pentagon said it will review all its cloud systems, after reports that China-based engineers worked on Pentagon-related tech. This latest breach is now adding pressure on Microsoft to improve its products and regain trust from the U.S. government, as per the reports.

FAQs

Q1. What caused the Microsoft SharePoint hack in 2025?
Hackers exploited security flaws in Microsoft's on-premises SharePoint servers to access many organizations' systems.

Q2. Which U.S. agencies were affected by the SharePoint cyberattack?
At least two federal agencies, including the National Nuclear Security Administration and the Energy Department, were impacted.