National Nuclear Security Administration

The National Nuclear Security Administration (NNSA), which oversees the U.S. nuclear weapons supply, was breached through a vulnerability in Microsoft SharePoint products. The breach, part of a larger campaign exploiting CVE-2025-49706, had minimal impact, according to the Department of Energy: a very small number of systems were affected, and there is no evidence that sensitive or classified information was compromised. The NNSA is taking appropriate actions to mitigate risks and to transition to other offerings as necessary.

Source: https://therecord.media/microsoft-says-warlock-ransomware-deployed-in-sharepoint-attacks

TPRM report: https://scoringcyber.rankiteo.com/company/national-nuclear-security-administration

"id": "nat338072525",
"linkid": "national-nuclear-security-administration",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Nuclear Weapons Supply',
                        'location': 'United States',
                        'name': 'National Nuclear Security Administration',
                        'type': 'Government'},
                       {'industry': 'Health',
                        'location': 'United States',
                        'name': 'National Institutes of Health',
                        'type': 'Government'},
                       {'industry': 'Security',
                        'location': 'United States',
                        'name': 'Department of Homeland Security',
                        'type': 'Government'}],
 'attack_vector': 'Exploiting CVE-2025-49706 in Microsoft SharePoint',
 'date_detected': '2023-07-17',
 'description': 'Chinese hackers are exploiting a new vulnerability in '
                'Microsoft SharePoint products to deploy ransomware, '
                'increasing the pressure on governments around the world as '
                'they race to assess any damage done to their systems.',
 'impact': {'systems_affected': 'Governments and businesses around the world, '
                                'including the National Nuclear Security '
                                'Administration, National Institutes of '
                                'Health, and Department of Homeland Security'},
 'initial_access_broker': {'entry_point': 'Microsoft SharePoint vulnerability '
                                          'CVE-2025-49706',
                           'high_value_targets': 'Government organizations'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Unpatched on-premises SharePoint '
                                           'systems exposed to the internet'},
 'ransomware': {'data_encryption': True, 'ransomware_strain': 'Warlock'},
 'references': [{'source': 'Reuters'},
                {'source': 'Bloomberg'},
                {'source': 'Washington Post'},
                {'source': 'NextGov'},
                {'source': 'ESET'}],
 'response': {'third_party_assistance': 'CISA, Microsoft, MS-ISAC'},
 'threat_actor': 'Storm-2603',
 'title': 'Chinese Hackers Exploit Microsoft SharePoint Vulnerability to '
          'Deploy Warlock Ransomware',
 'type': 'Ransomware',
 'vulnerability_exploited': 'CVE-2025-49706'}