A foreign threat actor successfully infiltrated the Kansas City National Security Campus (KCNSC), a critical facility under the National Nuclear Security Administration (NNSA) responsible for manufacturing non-nuclear components for U.S. nuclear weapons. The breach exploited unpatched Microsoft SharePoint vulnerabilities, compromising a high-security site managed by Honeywell FM&T under contract to the NNSA. The incident poses severe risks, as the facility plays a pivotal role in national defense, handling sensitive components tied to nuclear arms. The lack of public acknowledgment from Honeywell, the DOE, or the NNSA despite repeated inquiries heightens concerns over potential espionage, sabotage, or theft of classified defense-related data.Given the facility’s role in nuclear weapons production, the breach could have catastrophic implications, including the compromise of proprietary military technology, disruption of supply chains for critical defense systems, or even geopolitical escalation if adversarial actors gained access to sensitive designs or operational details. The exploitation of unpatched vulnerabilities underscores systemic cybersecurity failures in safeguarding high-value national security infrastructure, raising questions about broader vulnerabilities across the DOE’s network.
TPRM report: https://www.rankiteo.com/company/kcnsc
"id": "kcn0932609102025",
"linkid": "kcnsc",
"type": "Breach",
"date": "10/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'industry': ['Defense', 'Nuclear Weapons Production'],
'location': 'Kansas City, Missouri, USA',
'name': 'Kansas City National Security Campus (KCNSC)',
'type': 'Government Manufacturing Facility'},
{'industry': ['Defense', 'Nuclear Security'],
'location': 'USA (HQ: Washington, D.C.)',
'name': 'National Nuclear Security Administration '
'(NNSA)',
'type': 'Semi-Autonomous Government Agency'},
{'industry': ['Defense Contracting',
'Advanced Manufacturing'],
'location': 'Kansas City, Missouri, USA',
'name': 'Honeywell Federal Manufacturing & '
'Technologies (FM&T)',
'type': 'Government Contractor'},
{'industry': 'Energy & National Security',
'location': 'USA (HQ: Washington, D.C.)',
'name': 'U.S. Department of Energy (DOE)',
'type': 'Federal Executive Department'}],
'attack_vector': ['Exploitation of Unpatched Software (Microsoft SharePoint)',
'Foreign Threat Actor'],
'data_breach': {'data_exfiltration': 'Likely (given espionage motivation)',
'sensitivity_of_data': 'High (National Security Implications)',
'type_of_data_compromised': ['Defense Manufacturing Data',
'Non-Nuclear Components '
'Information',
'Potentially Classified '
'Technical Data']},
'date_detected': '2023-08',
'description': 'A foreign threat actor infiltrated the Kansas City National '
'Security Campus (KCNSC), a key manufacturing site within the '
'National Nuclear Security Administration (NNSA), by '
'exploiting unpatched Microsoft SharePoint vulnerabilities. '
'The breach targeted a plant producing critical non-nuclear '
'components for US nuclear weapons. The incident was detected '
'in August, with no official responses from KCNSC, Honeywell '
'Federal Manufacturing & Technologies (FM&T), or the '
'Department of Energy (DOE) as of September.',
'impact': {'brand_reputation_impact': ['Potential Erosion of Trust in '
'NNSA/DOE Cybersecurity',
'Negative Perception of Honeywell '
"FM&T's Security Practices"],
'data_compromised': ['Potential Sensitive Defense Manufacturing '
'Data',
'Non-Nuclear Components Design/Production '
'Information'],
'operational_impact': ['Potential Disruption to Nuclear Weapons '
'Component Production',
'Risk to National Security'],
'systems_affected': ['Microsoft SharePoint Servers',
'Potentially Connected Internal Systems']},
'initial_access_broker': {'entry_point': 'Unpatched Microsoft SharePoint '
'Servers',
'high_value_targets': ['Nuclear Weapons Component '
'Designs',
'Manufacturing Processes',
'Supply Chain Data']},
'investigation_status': ['Ongoing (as of September 2023)',
'No Official Updates from Affected Entities'],
'motivation': ['Espionage', 'Access to Sensitive Defense Information'],
'post_incident_analysis': {'root_causes': ['Failure to Patch Known '
'Vulnerabilities in Microsoft '
'SharePoint',
'Inadequate Cybersecurity Measures '
'for High-Sensitivity Facility']},
'references': [{'source': 'CSO Online'}],
'regulatory_compliance': {'regulations_violated': ['Potential Violations of '
'Federal Information '
'Security Management Act '
'(FISMA)',
'Department of Energy '
'Cybersecurity '
'Regulations']},
'response': {'communication_strategy': ['No Public Disclosure by '
'KCNSC/Honeywell/DOE as of September '
'2023',
'NSA Declined Comment'],
'incident_response_plan_activated': 'Yes (August 2023)'},
'threat_actor': 'Foreign Threat Actor (unspecified)',
'title': 'Cyber Breach at Kansas City National Security Campus (KCNSC) via '
'Unpatched SharePoint Vulnerabilities',
'type': ['Cyber Espionage',
'Unauthorized Access',
'Exploitation of Vulnerabilities'],
'vulnerability_exploited': 'Unpatched Microsoft SharePoint Vulnerabilities'}