China-Linked Hackers Breach US Nuclear Weapons Agency In Sophisticated Operation

The National Nuclear Security Administration (NNSA) has been hit by a sophisticated cyberattack that exploited a previously unknown vulnerability in Microsoft SharePoint, and is being widely described by one of the most serious breaches of US defense infrastructure this year. Fingers in the West are pointing to Beijing.

Hackers believed linked to the Chinese government used a zero-day exploit targeting on-premises versions of SharePoint to infiltrate over 50 organizations, including the agency responsible for the Navy’s nuclear submarine reactors. China is vehemently denying the charge.

The NNSA oversees both the production of nuclear reactors for submarines and the maintenance of the US nuclear arsenal. Cybersecurity experts are currently describing what’s known as an advanced remote code execution (RCE) attack.

The vulnerability reportedly affected SharePoint Server 2019 and the Subscription Edition, which allowed attackers to bypass security protocols and execute arbitrary commands on targeted systems, as described in Bloomberg.

The US Department of Energy is well-known to use Microsoft 365 cloud systems for a lot of its SharePoint work. “The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” a Department of Energy spokesperson conveyed in a statement to Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”

It’s believed the hackers were able to gain unauthorized access, steal data, collect login credentials, and potentially move deeper into connected networks; however, the Department of Energy has claimed no classified or sensitive nuclear data was compromised in the breach.

“A very small number of systems were impacted. All impacted systems are being restored,” the statement continued.

Officials credited the agency’s early transition to Microsoft 365 cloud services for minimizing the impact of the breach, as the vulnerability specifically affected only on-premises SharePoint systems and did not impact the cloud-based platform.

“The department experienced minimal impact thanks to its broad adoption of Microsoft M365 and robust cybersecurity infrastructure,” a DOE spokesperson said.

A Microsoft statement said as follows:

Microsoft says it is investigating the breaches and that it has “high confidence” those responsible will “continue to integrate [these vulnerabilities] into their attacks,” with others reported against government entities in Canada, Brazil, Spain, Indonesia, South Africa, the United Kingdom, and Switzerland.

About the Author: Patriotman

Patriotman currently ekes out a survivalist lifestyle in a suburban northeastern state as best as he can. He has varied experience in political science, public policy, biological sciences, and higher education. Proudly Catholic and an Eagle Scout, he has no military experience and thus offers a relatable perspective for the average suburban prepper who is preparing for troubled times on the horizon with less than ideal teams and in less than ideal locations. Brushbeater Store Page: http://bit.ly/BrushbeaterStore