BREACHED: Microsoft SharePoint Hack Hits U.S. Nuclear Weapons Agency – Security Crisis Unfolds

Published: 2025-07-23 21:25:48

U.S. nuclear weapons agency was among those breached in a Microsoft SharePoint hack

When cyberattacks hit critical infrastructure, the stakes couldn't be higher. This time, it's America's nuclear weapons agency caught in the crosshairs of a Microsoft SharePoint security breach.

How did we get here? The same old story—enterprise software vulnerabilities meet sophisticated threat actors. The attack vector? A compromised SharePoint instance, because even nuclear secrets aren't safe from legacy tech debt.

The fallout: While the Pentagon scrambles to assess the damage, security experts warn this could be the tip of the iceberg. After all, if a nuclear agency can get hacked, what chance does your crypto wallet have? (Answer: Probably better, thanks to blockchain's immutable ledger—take notes, traditional finance.)

One thing's clear: In 2025, cyber warfare has gone mainstream. And as usual, taxpayers will foot the bill for another 'unforeseen' security overhaul—just in time for the next breach.

Microsoft blamed state-sponsored hackers from China

The breach exploited weaknesses in the SharePoint platform and hit governments and businesses worldwide. In some cases, attackers stole sign‑in info such as usernames and passwords along with tokens and hash codes, according to an earlier Bloomberg report. 

Beyond the Energy Department, this breach extended to systems in national governments across the Middle East and the EU, as well as to several U.S. agencies, including the Education Department, the Rhode Island General Assembly, and Florida’s Department of Revenue.

Investigators say the full scope of the intrusion is still being determined. The software flaws affect organizations that run SharePoint locally rather than through Microsoft’s cloud service, leaving on-site installations particularly at risk.

In a Tuesday blog post, Microsoft named two hacking teams linked to China: Violet Typhoon and Linen Typhoon. The post also mentioned a third group, Storm-2603, using similar tactics to breach systems.

On Monday, Charles Carmakal, chief technology officer at Mandiant, a Google‑owned cybersecurity firm, said in a LinkedIn post: “We assess that at least one of the actors responsible for the early exploitation is a China-nexus threat actor.”

The US Cybersecurity and Infrastructure Security Agency, or CISA, confirmed on Sunday that it was “aware of active exploitation” of the SharePoint weakness. Microsoft responded by issuing patches for local versions of SharePoint, then released a third fix on Monday.

SharePoint is a core part of Microsoft’s Office suite. It serves as a collaboration hub, letting employees inside organizations access shared files and documents through a central portal.

Microsoft has been attacked by Chinese hacker teams in the past

Last year, Microsoft Chief Executive Officer Satya Nadella declared cybersecurity the top priority for the company after a government report slammed the company’s response to a Chinese breach of email accounts belonging to officials.

Earlier this month, Microsoft told customers it would no longer rely on Chinese engineers for cloud services provided to the Pentagon, following media reports that the setup could have allowed attacks on defense systems belonging to the US.

In 2021, another group called Hafnium, linked to China, exploited a separate flaw in Microsoft’s Exchange Server software to break into networks at organizations worldwide.

In a statement emailed to reporters, the Chinese embassy in Washington said Beijing opposed “all forms of cyberattacks” and warned against “smearing others without solid evidence.”

Security researchers first spotted the vulnerability in May during a hacking contest in Berlin organized by Trend Micro. The event offered cash prizes to those who could find undisclosed software bugs. The competition included a $100,000 award for zero-day exploits targeting SharePoint, highlighting how high‑stakes these hidden flaws can be.
