U.S. National Nuclear Security Administration was among those breached by a hack of Microsoft's SharePoint document management software. The semiautonomous arm of the Energy Department is responsible for producing and dismantling nuclear arms. Other parts of the department were also compromised.
However, according to reports by Bloomberg, no sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration.
That may be possible because the US Department of Energy uses Microsoft 365 cloud systems for a lot of its SharePoint work.
“The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,” says a Department of Energy spokesperson in a statement to Bloomberg. “A very small number of systems were impacted. All impacted systems are being restored.”
As reports start coming in, a single source told Bloomberg that the department, which provides the Navy with nuclear reactors for submarines, was caught up in the zero-day vulnerability that has hit more than 50 organizations in recent days. The exploit affects on-premises versions of SharePoint, but not the SharePoint Online service that Microsoft operates as part of its Microsoft 365 cloud service.
Meanwhile, Microsoft has now patched all versions of SharePoint that are impacted by the zero-day exploit. The flaw allowed hackers to remotely access SharePoint servers and steal data, passwords, and even move across connected services. The exploit appears to have originated from a combination of two bugs that were presented at the Pwn2Own hacking contest in May.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
