Just hours after Microsoft confirmed that Chinese state-backed hacking groups exploited a zero-day vulnerability in its SharePoint software, a new report from Bloomberg reveals that the U.S. National Nuclear Security Administration (NNSA) was among the victims.
According to a source familiar with the matter, the agency, which supplies nuclear reactors for the U.S. Navy, was impacted by the SharePoint exploit, which has affected more than 50 organizations in recent days. The flaw targets on-premises versions of SharePoint, and not Microsoft 365’s SharePoint Online.
Fortunately, no classified or sensitive information appears to have been compromised. A spokesperson for the Department of Energy told Bloomberg that the department was “minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems.” Only a “very small number of systems were impacted,” and restoration efforts are already underway.
The exploit reportedly stems from a combination of two vulnerabilities showcased during the Pwn2Own hacking competition in May. Microsoft has since patched all affected SharePoint versions, urging customers to apply the security update immediately.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
