The National Nuclear Security Administration has reportedly been breached by Chinese-affiliated hacking groups exploiting a vulnerability in Microsoft SharePoint software. This zero-day exploit has affected more than 50 organizations, but no sensitive or classified information was leaked. The Department of Energy has mitigated impacts due to its extensive use of Microsoft 365 cloud services. Microsoft has issued patches for all affected SharePoint versions. The exploit resulted from two bugs first presented at the Pwn2Own hacking contest.
A single source tells Bloomberg that the department, which provides the Navy with nuclear reactors for submarines, was caught up in the zero-day vulnerability that has hit more than 50 organizations in recent days.
While the nuclear weapons agency has reportedly been affected by the SharePoint exploit, no sensitive or classified information has leaked according to Bloomberg.
The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems.
Microsoft has now patched all versions of SharePoint that are impacted by the zero-day exploit.
Collection
[
|
...
]