A sweeping cyberattack breached the U.S. National Nuclear Security Administration (NNSA) through Microsoft’s Sharepoint document software, the Energy Department confirmed to Fox News Digital on Wednesday.
The agency does not know of any sensitive or classified information that has been stolen at this time.
“On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA,” a Department of Energy (DoE) told Fox News Digital, referring to the agency responsible for maintaining and designing the nation’s nuclear weapons stockpiles.
Microsoft warned that Chinese state-sponsored actors were exploiting flaws in the SharePoint software of institutions across the globe. Netherlands-based Eye Security told Reuters the breach has now claimed 400 victims.
Linen Typhoon and Violet Typhoon, the two groups backed by the CCP involved in the hack, utilized flaws in the document-sharing software that exist for customers who run it on their own networks rather than through Microsoft’s cloud software.
But DoE said it largely utilizes the cloud, so only a “very small number of systems were impacted.”
“All impacted systems are being restored.”
Another hacking group based in China, Storm-2603, also exploited the vulnerabilities, according to Microsoft.
Asked about the hack on Wednesday, Chinese foreign ministry spokesperson Guo Jiakun said he wasn’t aware of the specifics, but: “China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.”
Charles Carmakal, technology chief of the Google-owned Mandiant cybersecurity consulting group, confirmed Monday in a LinkedIn post that at least one of the organizations involved in the hack was a “China-nexus threat actor.”
On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency said it was “aware of active exploitation” of the SharePoint vulnerability.
Microsoft CEO Satya Nadella vowed last year to make cybersecurity a top priority after a government report criticized the company’s handling of a Chinese breach of the emails of U.S. government officials.
Just last week, the company vowed to stop using engineers based in China to provide technical support for clients within the Defense Department using the company’s cloud services. That came after a ProPublica report revealed the practice and said it could expose the DoD to Chinese hackers.
