US Nuclear Weapons Agency Reportedly Hit In Microsoft ‘Zero-Day’ Breach — DOE Says Impact Was Minimal

Microsoft (MSFT) confirmed over the weekend that its SharePoint document management software, housed on customers’ premises, was breached. It has now emerged that the affected parties included the National Nuclear Security Administration (NNSA), a semi-autonomous agency within the U.S. Department of Energy (DOE). 

A Bloomberg report, citing a person with knowledge of the matter, stated that no sensitive or classified information was compromised in the attack on NNSA. The federal agency is vested with the power of producing nuclear arms and dismantling them.

The report also stated that other parts of the DOE were compromised. Responding to the news media’s query, a DOE spokesperson said, “On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy.”

“The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored.”

The NNSA’s core mission is to maintain a safe, secure, and reliable nuclear stockpile. 

Microsoft’s stock has weathered the cyberattack fairly well.

On Stocktwits, retail sentiment toward the stock, however, has deteriorated to ‘bearish’ from the ‘bullish’ mood seen a week ago, but the 24-hour message volume has perked up to ‘high’ levels.

Providing additional updates on the breach, Microsoft said in a blog post on Tuesday that two Chinese nation-state operators, Linen Typhoon and Violet Typhoon, exploited vulnerabilities in the internet-facing SharePoint servers. 

The software giant also reported another Chinese-based threat actor, named Storm-2603. “Investigations into other actors also using these exploits are still ongoing,” it added.

As a remedy, Microsoft recommends that customers use “supported versions of on-premises SharePoint servers with the latest security updates” and integrate and enable the “Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus.”

The breach has impacted governments, businesses, and organizations worldwide, and in some instances, hackers have also stolen sign-in credentials, Bloomberg reported.

Among the government agencies impacted are systems belonging to national governments in Europe and the Middle East, as well as the U.S. Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly.

For updates and corrections, email newsroom[at]stocktwits[dot]com.

Read Next: Trump Says US Clinched ‘Largest’ Trade Deal With Japan — Nikkei Soars, Analyst Calls It A Win For Ishiba