The National Nuclear Security Administration (NNSA) experienced a sophisticated cyber attack that exploited a previously unknown vulnerability in Microsoft SharePoint. The attack, carried out by Chinese government-affiliated hacking groups, targeted over 50 organizations, including the agency responsible for maintaining the Navy’s nuclear submarine reactors. The attack leveraged a zero-day exploit affecting on-premises SharePoint installations, allowing attackers to bypass authentication mechanisms and execute arbitrary code on target systems. Despite the severity of the attack, no classified or sensitive nuclear information was compromised, because the agency uses cloud-based systems. The incident highlights the risks posed by on-premises enterprise software installations and the evolving capabilities of advanced persistent threat groups.
Source: https://cybersecuritynews.com/us-nuclear-weapons-agency-breached/
TPRM report: https://scoringcyber.rankiteo.com/company/national-nuclear-security-administration
"id": "nat242072325",
"linkid": "national-nuclear-security-administration",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'industry': 'Defense',
                        'location': 'United States',
                        'name': 'National Nuclear Security Administration (NNSA)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Remote Code Execution (RCE) exploit via SharePoint zero-day vulnerability',
 'date_detected': '2024-05-01',
 'description': 'The National Nuclear Security Administration (NNSA) has fallen victim to a sophisticated cyber attack exploiting a previously unknown vulnerability in Microsoft SharePoint, marking one of the most significant security breaches targeting critical US defense infrastructure this year.',
 'impact': {'data_compromised': 'None',
            'systems_affected': 'Microsoft SharePoint Server'},
 'initial_access_broker': {'entry_point': 'Microsoft SharePoint Server'},
 'lessons_learned': 'The incident highlights the importance of supply chain security and the risks posed by on-premises enterprise software installations.',
 'motivation': 'Extract sensitive data, harvest user credentials, and potentially pivot to connected network infrastructure',
 'post_incident_analysis': {'corrective_actions': 'Emergency security patches released by Microsoft',
                            'root_causes': 'Zero-day vulnerability in Microsoft SharePoint Server'},
 'recommendations': 'Organizations running on-premises SharePoint environments are advised to immediately apply Microsoft’s security updates and conduct comprehensive incident response assessments to identify potential compromise indicators.',
 'references': [{'source': 'Bloomberg'}],
 'response': {'remediation_measures': 'Emergency security patches released by Microsoft'},
 'threat_actor': 'Chinese government-affiliated hacking groups',
 'title': 'NNSA Cyber Attack via SharePoint Zero-Day Exploit',
 'type': 'Cyber Attack',
 'vulnerability_exploited': 'Deserialization vulnerability combined with an authentication bypass flaw in SharePoint Server versions 2019 and Subscription Edition'}