US agency overseeing nuclear weapons breached in Microsoft SharePoint attack
The National Nuclear Security Administration is one of over 50 organizations affected by attacks centered around zero-day SharePoint vulnerabilities.
This is a developing story, and we will update it with more information as it becomes available.
The Microsoft SharePoint vulnerability known as "ToolShell" is at the center of global attacks on United States federal and state agencies. Universities, energy companies, and an Asian telecommunications company have also been attacked.
In total, more than 50 organizations have been affected by a pair of recently discovered zero-day vulnerabilities. Among those organizations are the National Nuclear Security Administration (NNSA) and the Energy Department.
The NNSA is a semiautonomous arm of the Energy Department. Among other broad-ranging responsibilities, the NNSA produces and dismantles nuclear arms. The agency is also involved in counterterrorism efforts and the transportation of nuclear weapons.
According to a person with knowledge of the situation who spoke with Bloomberg, no sensitive or classified information is known to have been compromised in the attack.
The Energy Department shared the following statement with Bloomberg:
“On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy. The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored.”
Microsoft shared additional details about the attack in a security blog post. The tech giant confirmed that it observed two named Chinese nation-state actors exploiting the SharePoint vulnerabilities.
The actors, Linen Typhoon and Violet Typhoon, targeted internet-facing SharePoint servers.
The vulnerabilities, labeled CVE-2025-53770 and CVE-2025-53771, affect on-premises servers, meaning cloud-based servers are unaffected.
Microsoft has issued out-of-band security updates to address the vulnerabilities.
Bloomberg noted that the full extent of the damage is not clear at this time.
Lotem Finkelstein, Director of Threat Intelligence at Check Point Research, called the attacks "an urgent and active threat," noting that the vulnerabilities place thousands of organizations at risk.
Microsoft has released security updates for all supported versions of SharePoint, but those updates now need to be applied. The tech giant also shared guidance for customers using SharePoint Server.

Sean Endicott is a news writer and apps editor for Windows Central with 11+ years of experience. A Nottingham Trent journalism graduate, Sean has covered the industry’s arc from the Lumia era to the launch of Windows 11 and generative AI. Having started at Thrifter, he uses his expertise in price tracking to help readers find genuine hardware value.
