A couple of days ago, we learned that hackers are actively exploiting vulnerabilities in Microsoft's on-prem versions of SharePoint. Since this security hole affected thousands of server installations around the globe, including those being used for sensitive purposes, Microsoft was forced to release patches as soon as news about this incident hit the press. Now, troubling details about the extent of this breach are coming to light.
Bloomberg reports that the U.S. Energy Department under the National Nuclear Security Administration (NNSA) was breached as a result of the SharePoint hack, too. The Energy Department is responsible for producing and disassembling nuclear weapons. Meanwhile, the NNSA has the even broader responsibility of counterterrorism, managing the logistics of the transport of nuclear weapons, provisioning nuclear reactors to the U.S. Navy, and responding to radiological emergencies.
The Energy Department confirmed that it had been impacted by the zero-day SharePoint vulnerability, but emphasized that the impact on systems had been minimal since the body is protected by the Microsoft 365 cloud and its "very capable" cybersecurity mechanisms. An unidentified person from the Energy Department also told the media outlet that no classified or sensitive information is known to have leaked through this cyberattack.
This isn't the Energy Department's first rodeo with an incident of this nature. It was previously breached in the SolarWinds attack in 2020, but the impact was isolated to business networks only.
In this current wave of attacks on SharePoint, Microsoft has blamed state-sponsored hackers from China. The exact extent and damage of the attacks are unknown, but we do know that they have impacted various organizations around the world. In some instances, there have also been reported cases of stolen credentials and remote code execution (RCE). We'll likely know more once Microsoft publishes its detailed advisory on the subject as things settle down. If anything, this incident highlights the benefits of SharePoint Online, which remained completely unaffected.