Chinese Hackers Breach Global Systems Utilizing Microsoft Vulnerabilities
Bloomberg News reported on Tuesday that state-sponsored hackers from China have infiltrated sensitive systems across the globe by exploiting vulnerabilities in Microsoft software.
Microsoft noted that the hackers, linked to groups such as Linen Typhoon, Violet Typhoon, and Storm-2603, have taken advantage of flaws in the SharePoint document-sharing software. This allowed them to access private files and internal systems of numerous organizations. While efforts are underway to patch these security issues, researchers have confirmed that over 100 servers have already been compromised, impacting roughly 60 organizations, including agencies in the United States. Among those affected is the National Nuclear Security Administration (NNSA), which underscores the severity of this breach.
The NNSA operates under the Department of Energy (DOE) and is tasked with managing the nation’s nuclear arsenal, providing reactors for the US Navy, and addressing threats related to nuclear terrorism and proliferation. It’s worth noting that a source familiar with the situation informed Bloomberg News that, while multiple DOE systems were compromised, no classified or sensitive information seems to have been stolen. The DOE hasn’t commented on this incident yet.
Other agencies caught up in this breach include the U.S. Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly. Silas Cutler, a cybersecurity researcher at Michigan’s Censys, indicated that up to 10,000 organizations worldwide might be at risk.
Cutler commented, “It’s a dream for ransomware operators, and many attackers are set to work this weekend,” capturing the alarming reality of the ongoing cyber threats.
Interestingly, Chinese officials have denied any involvement in these alleged espionage activities. A report from the Office of the Director of National Intelligence has identified China as a primary cybersecurity threat, impacting both public and private sectors. In the previous year, Chinese hackers also accessed U.S. government emails, including those of diplomats.
Beyond just accessing communications and governmental networks, reports have suggested that Chinese cybercriminals could potentially disrupt critical infrastructure, including the power grid and major U.S. ports. This was brought up by then-national security advisor Jake Sullivan in discussions with former President Joe Biden.
For more than ten years, Microsoft has engaged in operations across the U.S. involving “Digital Escorts”: workers with security clearance but limited technical skills, who have been entering commands supplied by skilled engineers based in China into the U.S. Department of Defense network. Following recent concerns about how these engineers could access sensitive information, cybersecurity experts have emerged to halt such practices.


