In a concerning breach of national security, the National Nuclear Security Administration (NNSA), a key agency within the U.S. Department of Energy, has fallen victim to attacks taking advantage of a recently patched Microsoft SharePoint zero-day vulnerability. The revelation came after the Department of Energy confirmed that hackers accessed the NNSA’s network last week, raising alarms about the security of the nation’s nuclear weapons stockpile and its response capabilities to nuclear and radiological emergencies.
On July 18th, the exploitation of the Microsoft SharePoint zero-day vulnerability was first detected affecting the Department of Energy. According to Press Secretary Ben Dietderich, the impact on the agency was minimized thanks to the extensive use of Microsoft M365 cloud services and efficient cybersecurity measures in place. He stated, “only a very small number of systems were impacted” and confirmed that efforts are underway to restore the affected systems.
In parallel, reports have emerged that the same vulnerabilities exploited in this attack have also allowed hackers to breach systems at other agencies, including the U.S. Department of Education. Furthermore, various national government networks in Europe and the Middle East have reportedly been compromised. Bloomberg indicated that sensitive and classified information does not appear to have been jeopardized in this particular breach.
Investigations by Microsoft have linked the ongoing exploitation of these vulnerabilities to Chinese state-sponsored hacking groups. The tech giant identified actors named Linen Typhoon and Violet Typhoon as being involved. In total, cybersecurity firms estimate that over 400 servers have been compromised globally, including multiple organizations within North America and Western Europe. The Cybersecurity and Infrastructure Security Agency (CISA) has since added the related CVE-2025-53770 vulnerability to its catalog of exploited vulnerabilities, mandating U.S. federal agencies secure their systems as a precautionary measure.