US nuclear agency targeted in cyberattack through Microsoft SharePoint weakness

A significant cyberattack penetrated the U.S. National Nuclear Security Administration (NNSA) by exploiting a vulnerability in Microsoft’s SharePoint document software, as confirmed by the Energy Department to a digital news outlet on Wednesday.

At this time, the agency has no knowledge of any sensitive or classified information being compromised. 

“On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA,” a Department of Energy (DoE) official informed the digital news outlet, referring to the agency responsible for overseeing the nation’s nuclear weapons stockpiles. 

Microsoft had warned that Chinese state-sponsored groups were taking advantage of vulnerabilities in SharePoint software used by organizations worldwide. According to a report by Netherlands-based Eye Security, the breach has affected 400 victims. 

The hacking groups Linen Typhoon and Violet Typhoon, both associated with the Chinese government, exploited weaknesses in the document-sharing software used by organizations running it on their own networks rather than through Microsoft’s cloud service. 

However, the DoE stated that it predominantly relies on cloud services, resulting in only a “very small number of systems” being impacted. 

“All affected systems are currently being restored.”

Another China-based hacking group, Storm-2603, also took advantage of the vulnerabilities, according to Microsoft’s findings.

When asked about the cyberattack, a Chinese foreign ministry spokesperson stated that while they were not aware of the specifics, China opposes hacking activities and deals with them according to the law. The spokesperson also emphasized their opposition to unfounded accusations against China related to cybersecurity issues. 

Charles Carmakal, technology chief at the cybersecurity consulting firm Mandiant, confirmed via LinkedIn that at least one of the groups involved in the cyberattack was a “China-linked threat actor.” 

The U.S. Cybersecurity and Infrastructure Security Agency acknowledged the active exploitation of the SharePoint vulnerability on Sunday. 

Microsoft’s CEO, Satya Nadella, had pledged to prioritize cybersecurity following criticism of the company’s response to a previous Chinese breach of U.S. government officials’ emails. 

Recently, Microsoft announced its decision to discontinue the use of engineers based in China for providing technical support to clients within the Defense Department using the company’s cloud services. This move came after concerns were raised that the practice could expose the DoD to potential Chinese cyber threats.