Infiltration of a U.S. nuclear security agency by Chinese cyber attackers, as reported by authorities.
The United States National Nuclear Security Administration (NNSA) and several other U.S. federal agencies have been affected by a breach linked to a zero-day vulnerability in Microsoft's SharePoint document software. The breach, which occurred on Friday, July 18th, has reportedly impacted hundreds of organisations worldwide, including government entities, energy companies, and institutions in the healthcare, media, higher education, and finance sectors.
According to reports, the Chinese hacking groups Storm-2603, Linen Typhoon, and Violet Typhoon were responsible for the breach. These groups, backed by the Chinese Communist Party (CCP), exploited flaws in the document-sharing software that affect customers who run it on their own networks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) was aware of active exploitation of the SharePoint vulnerability as of Sunday. The agency is working with federal and private sector partners to address the issue, has issued emergency alerts, and has added the vulnerabilities to its Known Exploited Vulnerabilities catalog to prompt defensive action.
Microsoft has warned that Chinese state-sponsored actors were exploiting flaws in the SharePoint software of institutions across the globe. In response, Microsoft rapidly developed and released security updates by late July 21, 2025, for all affected SharePoint versions to fix these zero-day vulnerabilities. Before patches were available, Microsoft advised organisations to enable Antimalware Scan Interface (AMSI) integration and deploy Defender AV on SharePoint servers as mitigations to impede exploitation.
The Energy Department confirmed the breach to our website Digital on Wednesday. The Department of Energy (DoE) largely utilises the cloud, so only a "very small number of systems were impacted."
Last week, Microsoft announced it would stop using engineers based in China to provide technical support for clients within the Defense Department using the company's cloud services. This decision was made following a ProPublica report that exposed the practice and suggested it could expose the DoD to Chinese hackers.
The Chinese foreign ministry spokesperson, Guo Jiakun, responded to the allegations, stating China opposes hacking activities and cybersecurity smears. However, the ongoing exploitation and theft of cryptographic material emphasise the importance of rapid patch deployment and cybersecurity vigilance.
At the time of writing, the agency does not know of any sensitive or classified information that has been stolen. The response to the breach is ongoing, with all impacted systems being restored.
- The breach in Microsoft's SharePoint document software, exploited by Chinese hacking groups, has raised concerns in the realm of cybersecurity, particularly for government entities, as it highlights the need for vigilance and quick patch deployment.
- The ongoing politics surrounding technology usage has been highlighted by the recent breach in Microsoft's SharePoint software, leading to the decision by Microsoft to cease using engineers based in China for providing technical support to the Defense Department's cloud services.
- While the breach in Microsoft's SharePoint software has affected numerous organizations worldwide, including those in the energy, healthcare, media, higher education, and finance sectors, there is at this point no reported theft of sensitive or classified information.