Energy Division Faces Cyberattack Linked to Microsoft SharePoint
The Energy Division confirmed a cyberattack that has affected the National Nuclear Security Agency (NNSA) via vulnerabilities in Microsoft’s SharePoint Document software. This was reported to Fox News Digital on Wednesday.
Currently, there’s no evidence suggesting that any classified or confidential information has been compromised.
The Department of Energy (DOE) indicated that the exploitation of these vulnerabilities began on July 18, impacting its systems and the NNSA, which is tasked with overseeing the nation’s nuclear arsenal.
Microsoft has alerted that Chinese state-sponsored groups are taking advantage of these flaws in SharePoint software used by various agencies worldwide. Reports suggest that around 400 entities have been affected by this violation.
Two groups, Linen Typhoon and Violet Typhoon, reportedly connected to the Chinese Communist Party (CCP), have used these vulnerabilities, targeting software that operates on individual networks instead of Microsoft’s cloud services. However, the DOE mentioned that the impact was limited primarily to cloud systems, stating, “just a very few systems were affected.” They also assured that all affected systems have been restored.
There’s also mention of another hacking group from China, Storm-2603, that exploited similar vulnerabilities, according to Microsoft.
In reference to the hack, a spokesperson for China’s Foreign Ministry, Guo Zi-Kun, expressed unawareness of the specifics but stated that China would oppose any illegal hacking activities while also rejecting unfavorable portrayals related to cybersecurity issues.
Charles Carmakal, technology chief at Mandiant Cybersecurity Consulting Group, confirmed that at least one actor involved in the breach is linked to China.
The US Department of Cybersecurity and Infrastructure Security disclosed on Sunday that it was aware of the extensive exploitation of SharePoint vulnerabilities.
Microsoft’s CEO, Satya Nadella, emphasized the importance of cybersecurity last year, especially following criticism regarding the handling of China’s cyber activities involving emails. Subsequently, the company announced plans to cease using China-based engineers for certain Department of Defense projects amid concerns about vulnerability to Chinese hackers.
