Microsoft SharePoint Hack Breaches US National Nuclear Security Administration
The active exploitation of a zero-day vulnerability in Microsoft SharePoint has led to a sweeping cyberattack involving over 100 organizations, including the U.S. National Nuclear Security Administration.
- Republic Business
A critical zero-day vulnerability in Microsoft’s SharePoint document management software has been actively exploited by hackers, resulting in a major global cyber espionage campaign that breached over 100 organizations, including the U.S. National Nuclear Security Administration (NNSA), Bloomberg News reported on Tuesday, citing a source familiar with the matter.
The NNSA, responsible for maintaining the nation’s nuclear weapons stockpile, was among the high-profile government agencies affected. However, no sensitive or classified information is currently known to have been compromised during the attack.
Microsoft released an initial patch earlier this month, but cybersecurity firms found it insufficient: hackers quickly developed exploits that bypassed the fix, leading to the widespread breach.
Microsoft confirmed that the earlier patch did not fully address the vulnerability but has since released additional updates intended to resolve the issue. Despite these efforts, the breach, dubbed “ToolShell” by security researchers, enabled attackers to steal cryptographic keys and deploy persistent webshells, giving them near-complete control over compromised SharePoint servers.
Broad Spectrum Of Targets
The cyberattack affected a broad spectrum of targets worldwide, including major corporations, financial institutions, healthcare providers, and multiple U.S. federal agencies. Cybersecurity organizations estimate that more than 8,000 SharePoint servers remain vulnerable, with active exploitation ongoing in many networks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts urging organizations running on-premises SharePoint servers to apply the latest patches immediately and implement additional mitigations, warning that patching alone may not be sufficient to fully eradicate the threat.
Microsoft and security experts attribute the ongoing attacks to multiple hacking groups linked to China, including those known as “Linen Typhoon” and “Violet Typhoon.” While Beijing denies involvement in cyberattacks, the incident highlights the persistent risks posed by sophisticated state-sponsored cyber espionage campaigns targeting critical infrastructure and government entities.
Published By: Rajat Mishra
Published On: 23 July 2025 at 13:42 IST