In a major security lapse, the United States nuclear weapons agency, National Nuclear Security Administration (NNSA), was breached by a hack of Microsoft SharePoint document management software.
As per Bloomberg, an insider revealed that the agency responsible for maintaining and designing the nation’s nuclear arsenal was targeted in a cyber attack.
The hackers have stolen sign-in credentials, including usernames, passwords, hashcode and tokens, however, no classified or sensitive information was compromised.
When asked to comment on the matter, the NNSA referred the questions about the attack to the Energy department, saying, “On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy."
They added, “There’s widespread use of Microsoft M365 cloud but due to very capable cybersecurity systems, the impact of the attack on the agency was minimal,” adding that the system impacted were being restored.
The NNSA is responsible for:
The Department of Energy wasn’t the only victim of cyber attack as hackers also broke into the systems of US Education Department, Florida’s Department of Revenue, Rhode Island General Assembly and national governments in various European and Middle Eastern countries.
Microsoft blames Chinese state sponsored hackers for the breach. Three groups named Linen Typhoon, Violet Typhoon and Storm-2603 allegedly backed by the Chinese government leveraged and exploited flaws in SharePoint software for the attack, Microsoft accused.
