A Microsoft software flaw gave hackers access to the U.S. nuclear weapons agency

The Department of Energy says the impact was small — but the target couldn’t have been more high-stakes

The U.S. agency in charge of designing and maintaining the country’s nuclear weapons arsenal was among the victims of a recent hack targeting Microsoft’s SharePoint software.

The cyberattack, which exploited a zero-day vulnerability in on-premises versions of SharePoint, hit the National Nuclear Security Administration (NNSA), a semi-autonomous arm of the Department of Energy responsible for everything from building nuclear warheads to dismantling them and responding to radiological emergencies, Bloomberg reports.

While reportedly no classified or sensitive data was compromised, the breach is the latest red flag in a string of security incidents tied to widely used enterprise software and shows just how far attackers are willing to go.

A known vulnerability with high-profile consequences

The attack began on July 18 and affected only those running SharePoint on their own servers — not customers using Microsoft’s cloud-based M365 platform.

Microsoft has blamed the breach on Chinese state-sponsored hackers, naming groups like Linen Typhoon, Violet Typhoon, and Storm-2603 as responsible. Those groups allegedly exploited flaws in SharePoint to break into government systems, steal credentials, and potentially maintain long-term access.

It wasn’t just the NNSA that got hit. The Education Department, the Florida Department of Revenue, the Rhode Island General Assembly, and even national governments in Europe and the Middle East were also affected, according to Microsoft.

Microsoft issues patch — but questions linger

Microsoft has since released a fix for the vulnerability and said it's working closely with affected customers. But this incident adds to growing concerns about the risks of sticking with legacy, on-premises systems — especially when those systems are tied to something as critical as national security.

This isn’t the first time the Energy Department or the NNSA has been caught up in a software-related breach. Back in 2020, both were affected by the massive SolarWinds hack, which was also linked to nation-state attackers and exposed weaknesses in how federal agencies manage vendor software.
