Security Breach: US Nuclear Weapons Agency Targeted in Microsoft SharePoint Attacks

The US Navy’s nuclear weapons agency was reportedly affected by a zero-day vulnerability that targeted on-premises versions of SharePoint. This exploit impacted over 50 organizations recently, including the agency responsible for providing nuclear reactors for submarines. However, Microsoft’s SharePoint Online service, part of its Microsoft 365 cloud service, remained unaffected by the security breach.

While the nuclear weapons agency was impacted by the SharePoint vulnerability, there have been no reports of sensitive or classified information being compromised, as per Bloomberg. This could be attributed to the US Department of Energy’s extensive use of Microsoft 365 cloud systems for its SharePoint operations. A department spokesperson mentioned, “The department experienced minimal impact thanks to its widespread adoption of Microsoft M365 cloud and robust cybersecurity measures. Only a few systems were affected, and all affected systems are being restored.”

Microsoft has swiftly addressed the zero-day exploit by releasing patches for all impacted versions of SharePoint. The vulnerability allowed hackers to gain remote access to SharePoint servers, pilfer data, passwords, and even navigate through interconnected services. The exploit is believed to have stemmed from a combination of two vulnerabilities showcased at the Pwn2Own hacking competition in May.