The US National Nuclear Security Administration was among more than 100 organisations worldwide compromised in a sweeping cyberattack exploiting flaws in Microsoft’s SharePoint software, with the tech giant attributing the breaches to Chinese state-sponsored hacking groups.
Microsoft identified three China-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—as exploiting critical vulnerabilities in SharePoint servers that rendered customers running the software on their own networks vulnerable to attack. The breaches affected organizations across multiple sectors, including government agencies, energy companies, consulting firms, and universities spanning from the US to Europe and the Middle East.
US nuclear weapons agency among 100+ organisations breached
The cyberattack campaign began exploiting SharePoint vulnerabilities as early as July 7, according to cybersecurity firm CrowdStrike. Microsoft released initial security patches on July 8 after the flaw was identified at a Berlin hacking competition in May, but hackers found ways to bypass these fixes, enabling continued unauthorised access to systems.
The vulnerability, dubbed “ToolShell” by researchers, allowed hackers to steal sign-in credentials including usernames, passwords, and authentication tokens. Cybersecurity firm Eye Security detected compromises on more than 100 servers representing 60 victims across countries including Brazil, Canada, Indonesia, Spain, and the United States.
Three Chinese state-sponsored groups behind global attack
No sensitive or classified information was reportedly compromised in the National Nuclear Security Administration breach, according to sources familiar with the matter. The semiautonomous Energy Department arm responsible for producing and dismantling nuclear weapons was targeted alongside other federal agencies including the US Education Department.
The breaches have intensified scrutiny of Microsoft’s security practices following previous high-profile failures. A 2024 US government report described the company’s security culture as needing urgent reforms. Microsoft has since hired government security executives and holds weekly senior leadership meetings focused on improving software resilience.
China’s embassy in Washington denied the allegations, stating that China “firmly opposes all forms of cyberattacks” and criticized “smearing others without solid evidence.” The Chinese government routinely denies involvement in state-sponsored hacking operations despite regular attribution by Western cybersecurity firms and government agencies.