The NNSA, a division of the Department of Energy responsible for the nation’s nuclear weapons stockpile, confirmed it was affected by a recent global cyberattack campaign exploiting Microsoft’s SharePoint vulnerabilities. A very small number of systems were impacted, but no classified information was compromised due to NNSA’s strong cybersecurity systems and widespread use of Microsoft M365 cloud services. All impacted systems are being restored, and immediate action was taken to contain the threat.
Source: https://hackread.com/national-nuclear-security-admin-breached-sharepoint-cyberattack/
TPRM report: https://scoringcyber.rankiteo.com/company/national-nuclear-security-administration
{
  "id": "nat349072525",
  "linkid": "national-nuclear-security-administration",
  "type": "Breach",
  "date": "7/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Biomedical Research',
                        'location': 'USA',
                        'name': 'National Institutes of Health (NIH)',
                        'type': 'Government Agency'},
                       {'industry': 'Nuclear Security',
                        'location': 'USA',
                        'name': 'National Nuclear Security Administration (NNSA)',
                        'type': 'Government Agency'},
                       {'industry': 'Electric Grid Management',
                        'location': 'California, USA',
                        'name': 'California Independent System Operator',
                        'type': 'Non-Profit'}],
 'attack_vector': 'Exploitation of zero-day vulnerabilities',
 'date_detected': '2025-07-18',
 'description': 'A recent global cyberattack campaign exploiting critical '
                'vulnerabilities in Microsoft’s on-premise SharePoint software '
                'has impacted several US government agencies, including the '
                'National Institutes of Health (NIH) and the National Nuclear '
                'Security Administration (NNSA).',
 'impact': {'systems_affected': ['NIH SharePoint server system',
                                 'NNSA systems',
                                 'California Independent System Operator']},
 'initial_access_broker': {'entry_point': 'Microsoft SharePoint vulnerabilities',
                           'high_value_targets': ['NIH',
                                                  'NNSA',
                                                  'California Independent System Operator']},
 'investigation_status': 'Ongoing',
 'motivation': 'Unauthorized access to SharePoint content',
 'post_incident_analysis': {'corrective_actions': 'Patching vulnerabilities',
                            'root_causes': 'Zero-day vulnerabilities in Microsoft SharePoint'},
 'references': [{'source': 'Bloomberg News'},
                {'source': 'The Washington Post'},
                {'source': 'Hackread.com'}],
 'response': {'containment_measures': ['Disconnecting affected servers',
                                       'Immediate action to contain the threat'],
              'law_enforcement_notified': True,
              'remediation_measures': ['Restoring impacted systems']},
 'threat_actor': ['Linen Typhoon', 'Violet Typhoon', 'Storm-2603'],
 'title': 'Global Cyberattack on Microsoft SharePoint Software',
 'type': 'Cyberattack',
 'vulnerability_exploited': ['CVE-2025-49706',
                             'CVE-2025-49704',
                             'CVE-2025-53770']}